anonhaven
Ad

CVE-2019-25278

CRITICAL CVSS 4.0: 9.1 EPSS 0.05%
Updated Jan 16, 2026
Iwt
Parameter Value
CVSS 9.1 (CRITICAL)
Type CWE-319 (Cleartext Transmission)
Vendor Iwt
Public PoC Yes

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-319 Cleartext Transmission

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Iwt Facesentry_Access_Control_System_Firmware
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:*
Iwt Facesentry_Access_Control_System_Firmware
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:*
Iwt Facesentry_Access_Control_System_Firmware
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:*
Iwt Facesentry_Access_Control_System
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*

References 3

https://exchange.xforce.ibmcloud.com/vulnerabilities/163192
disclosure@vulncheck.com
https://packetstormsecurity.com/files/153498
disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php
disclosure@vulncheck.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2019-25279

Iwt

6.8

CVE-2019-25277

Iwt

5.1

CVE-2019-25243

Iwt

8.7

CVE-2019-25242

Iwt

5.1

CVE-2019-25241

Iwt

9.8