Sign-up

ID

VAR-201901-0270


CVE

CVE-2019-3908


TITLE

Premisys Identicard Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2019-001385

DESCRIPTION

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. Premisys Identicard Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. IDenticard Premisys is a set of access control systems from IDenticard Systems, USA. The system allows the system to grant and restrict access to doors, lock down facilities, view integrated reports, create detailed reports, and more. There are security vulnerabilities in IDenticard Systems version 3.1.190. A weak-encryption security weakness Attackers may exploit these issues to gain unauthorized access to the affected application, or to bypass certain security restrictions to perform unauthorized actions, and view encrypted data and obtain sensitive information. Premisys 3.1.190 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2019-3908 // JVNDB: JVNDB-2019-001385 // CNVD: CNVD-2019-39193 // BID: 106552 // VULMON: CVE-2019-3908

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39193

AFFECTED PRODUCTS

vendor:identicardmodel:premisys idscope:eqversion:3.1.190

Trust: 1.8

vendor:identicardmodel:premisys identicardscope:eqversion:3.1.190

Trust: 0.6

vendor:identicardmodel:systems premisysscope:eqversion:3.1.190

Trust: 0.3

sources: CNVD: CNVD-2019-39193 // BID: 106552 // JVNDB: JVNDB-2019-001385 // NVD: CVE-2019-3908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3908
value: HIGH

Trust: 1.0

NVD: CVE-2019-3908
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-39193
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-594
value: HIGH

Trust: 0.6

VULMON: CVE-2019-3908
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3908
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-39193
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-3908
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-3908
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39193 // VULMON: CVE-2019-3908 // JVNDB: JVNDB-2019-001385 // CNNVD: CNNVD-201901-594 // NVD: CVE-2019-3908

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.8

problemtype:CWE-259

Trust: 1.0

sources: JVNDB: JVNDB-2019-001385 // NVD: CVE-2019-3908

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-594

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-594

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001385

PATCH
title:Premisys IDurl:https://www.identicard.com/identification-solutions/photo-id-software/premisys-id-comprehensive-identification-management-solution/
Trust: 0.8
title:Threatposturl:https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-3908 // 
            
            
            
            JVNDB: JVNDB-2019-001385

EXTERNAL IDS
db:NVDid:CVE-2019-3908
Trust: 3.4
db:TENABLEid:TRA-2019-01
Trust: 2.8
db:BIDid:106552
Trust: 2.0
db:ICS CERTid:ICSA-19-031-02
Trust: 1.2
db:JVNDBid:JVNDB-2019-001385
Trust: 0.8
db:CNVDid:CNVD-2019-39193
Trust: 0.6
db:CNNVDid:CNNVD-201901-594
Trust: 0.6
db:VULMONid:CVE-2019-3908
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39193 // 
            
            
            
            VULMON: CVE-2019-3908 // 
            
            
            
            BID: 106552 // 
            
            
            
            JVNDB: JVNDB-2019-001385 // 
            
            
            
            CNNVD: CNNVD-201901-594 // 
            
            
            
            NVD: CVE-2019-3908

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-01
Trust: 2.8
url:http://www.securityfocus.com/bid/106552
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-3908
Trust: 1.4
url:https://ics-cert.us-cert.gov/advisories/icsa-19-031-02
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3908
Trust: 0.8
url:https://www.identicard.com/access-control/premisys-access-control-system/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/identicard-zero-days-allow-corporate-building-access-location-recon/140891/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39193 // 
            
            
            
            VULMON: CVE-2019-3908 // 
            
            
            
            BID: 106552 // 
            
            
            
            JVNDB: JVNDB-2019-001385 // 
            
            
            
            CNNVD: CNNVD-201901-594 // 
            
            
            
            NVD: CVE-2019-3908

CREDITS
Tenable
Trust: 0.9
sources:
            
            
            BID: 106552 // 
            
            
            
            CNNVD: CNNVD-201901-594

SOURCES
db:CNVDid:CNVD-2019-39193
db:VULMONid:CVE-2019-3908
db:BIDid:106552
db:JVNDBid:JVNDB-2019-001385
db:CNNVDid:CNNVD-201901-594
db:NVDid:CVE-2019-3908

LAST UPDATE DATE
2024-11-23T21:52:36.296000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-39193date:2019-11-05T00:00:00
db:VULMONid:CVE-2019-3908date:2019-10-09T00:00:00
db:BIDid:106552date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2019-001385date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201901-594date:2019-10-17T00:00:00
db:NVDid:CVE-2019-3908date:2024-11-21T04:42:50.530

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-39193date:2019-11-05T00:00:00
db:VULMONid:CVE-2019-3908date:2019-01-18T00:00:00
db:BIDid:106552date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2019-001385date:2019-03-01T00:00:00
db:CNNVDid:CNNVD-201901-594date:2019-01-16T00:00:00
db:NVDid:CVE-2019-3908date:2019-01-18T18:29:00.327