CVE-2024-12902
HIGHGlobal Wisdom Software ANCHOR 2.5.0-2.5.9.4 and 2.7.0-2.7.2.3 - Use of Default Credentials
Title source: llmDescription
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-8314-983c9-1.html
Various Sources third-party-advisory
https://www.twcert.org.tw/en/cp-139-8315-e6069-2.html
Scores
CVSS v3
8.4
EPSS
0.0017
EPSS Percentile
6.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1392
Status
published
Products (2)
Global Wisdom Software/ANCHOR
2.5.* - 2.5.9.5
Global Wisdom Software/ANCHOR
2.7.* - 2.7.2.4
Published
Dec 23, 2024
Tracked Since
Feb 18, 2026