CVE-2025-49197
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-06-12
Last updated on: 2026-01-26
Assigner: SICK AG
Description
Description
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sick | media_server | to 1.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-328 | The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker who exploits this vulnerability can gain access to an FTP user account without authorization, potentially leading to unauthorized data access or manipulation.
Can you explain this vulnerability to me?
This vulnerability involves the use of a weak password hash function in the application, which allows an attacker to crack the hashed password and gain unauthorized access to an FTP user account.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70