{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2019-25241","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-24T14:27:12.476Z","datePublished":"2025-12-24T19:27:58.126Z","dateUpdated":"2025-12-31T13:57:16.676Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"FaceSentry Access Control System","vendor":"iWT Ltd.","versions":[{"status":"affected","version":"6.4.8 build 264"},{"status":"affected","version":"5.7.2 build 568"},{"status":"affected","version":"5.7.0 build 539"}]}],"credits":[{"lang":"en","type":"finder","value":"LiquidWorm as Gjoko Krstic of Zero Science Lab"}],"datePublic":"2019-05-28T00:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability: hard-coded SSH credentials for the wwwuser account. After logging in with these credentials, attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.</p>"}],"value":"FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability: hard-coded SSH credentials for the wwwuser account. After logging in with these credentials, attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"Use of Hard-coded Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-12-31T13:57:16.676Z"},"references":[{"name":"ExploitDB-47067","tags":["exploit"],"url":"https://www.exploit-db.com/exploits/47067"},{"name":"Vendor Product Homepage","tags":["product"],"url":"http://www.iwt.com.hk"},{"name":"Zero Science Lab Disclosure (ZSL-2019-5526)","tags":["third-party-advisory"],"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5526.php"}],"source":{"discovery":"UNKNOWN"},"title":"FaceSentry Access Control System 6.4.8 Remote SSH Root Access","x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5526.php","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-24T20:04:18.019329Z","id":"CVE-2019-25241","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-24T20:23:18.700Z"}}]}}