Vulnerabilities > CVE-2015-6033 - Cryptographic Issues vulnerability in Qolsys IQ Panel

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

qolsys

CWE-310

critical

NVD

Published: 2015-10-31

Updated: 2015-11-02

Summary

Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.

Vulnerable Configurations

Part	Description	Count
Application	Qolsys Qolsys IQ Panel *	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

http://www.kb.cert.org/vuls/id/573848