Hard-coded Credentials in Axeda Agent and Axeda Desktop Server for Windows Allow Remote Control Exploitation

Hard-coded Credentials in Axeda Agent and Axeda Desktop Server for Windows Allow Remote Control Exploitation

CVE-2022-25246 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.

Learn more about our Cis Benchmark Audit For Desktop Software.