CVE-2019-13525
First published: Fri Oct 25 2019(Updated: )
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Honeywell Ip-ak2 | <1.04.07 | |
| Honeywell IP-AK2 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-13525?
CVE-2019-13525 has a medium severity due to the risk of unauthorized access to sensitive web configuration data.
How do I fix CVE-2019-13525?
To fix CVE-2019-13525, update the IP-AK2 Access Control Panel to version 1.04.08 or later.
What kind of attack can exploit CVE-2019-13525?
CVE-2019-13525 can be exploited by remote attackers who can access web configuration data without authentication.
Which versions of the Honeywell IP-AK2 are affected by CVE-2019-13525?
Versions 1.04.07 and earlier of the Honeywell IP-AK2 firmware are affected by CVE-2019-13525.
Is authentication required to access the vulnerable data in CVE-2019-13525?
No, CVE-2019-13525 allows access to the web configuration data without authentication.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/honeywell
- canonical/honeywell ip-ak2 firmware