CVE-2021-44207 is a vulnerability in Acclaimsystems Usaherds
Published on December 21, 2021
Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.
Known Exploited Vulnerability
This Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.
The following remediation steps are recommended / required by January 13, 2025: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.
Vulnerability Analysis
CVE-2021-44207 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Products Associated with CVE-2021-44207
Want to know whenever a new CVE is published for Acclaimsystems Usaherds? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.