CVE-2019-13525 Vulnerability Details

  /     /     /  

CVE-2019-13525 Metadata Quick Info

CVE Published: 25/10/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: icscert | Vendor: n/a | Product: Honeywell IP-AK2
Status : PUBLISHED

---

CVE-2019-13525 Description

In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-306
CWE Name: MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).