CVE-2019-16067

HIGH

NETSAS Enigma NMS <65.0.0 - Info Disclosure

Title source: llm

Description

NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over HTTP for enforcing access control to the web application. The use of weak authentication transmitted over cleartext protocols can allow an attacker to steal username and password combinations by intercepting authentication traffic in transit.

References (1)

[Exploit, Third Party Advisory] https://www.mogozobo.com/?p=3647

Scores

CVSS v3 7.5

EPSS 0.0015

EPSS Percentile 35.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-319 CWE-522

Status published

Affected Products (1)

netsas/enigma_network_management_solution < 65.0.0

Timeline

Published Mar 19, 2020

Tracked Since Feb 18, 2026