Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Calero VeraSMART < 2026 R1 Hardcoded Static AES Keys Allow Decryption of Service Credentials
Vulnerability Description
Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\\VeraSMART Data\\app.settings. An attacker with local access to the system can extract the hardcoded keys from the Veramark.Framework.dll module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially resulting in local privilege escalation depending on the privileges of the configured service account.
CVSS Information
N/A
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
Calero VeraSMART 信任管理问题漏洞
Vulnerability Description
Calero VeraSMART是美国Calero公司的一个电话计费软件。 Calero VeraSMART 2026 R1之前版本存在信任管理问题漏洞,该漏洞源于Veramark.Framework.dll中包含硬编码的静态AES加密密钥,可能导致本地攻击者解密存储的凭据,进而实现本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A