CVE-2019-19754

CVSS v3 Score: 5.7 (Medium)

Vulnerability Description

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this.

CVSS:5.9(Medium)

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Unless explicitly overwritten, ...

CVSS:5.5(Medium)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses ...

CVSS:5.5(Medium)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryp...

CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5....

CVSS:5.9(Medium)

A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do no...

CVSS:5.5(Medium)

ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive...