CVE-2019-5626
Last modified
CVE-2019-5626 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage (30 days of no user activity). This can allow an attacker to compromise the affected BlueCats network implementation. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bluecats | Bluecats Reveal | < 3.0.19 |
References
- https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/Exploit, Third Party Advisory
- https://blog.rapid7.com/2019/05/21/investigating-the-plumbing-of-the-iot-ecosystem-r7-2018-65-r7-2019-07-fixed/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-5626?
How severe is CVE-2019-5626?
How do I fix CVE-2019-5626?
Are you affected by CVE-2019-5626?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST