Vulnerability Note VU#549807
Impero Education Pro classroom management software vulnerable to remote code execution
Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms.
CWE-321: Use of Hard-coded Cryptographic Key
CWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997
A remote unauthenticated attacker may be able to execute commands on the machine running Impero.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Impero||Affected||29 Jul 2015||01 Sep 2015|
CVSS Metrics (Learn More)
Thanks to slipstream/RoL for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-5997 CVE-2015-5998
- Date Public: 14 Jul 2015
- Date First Published: 09 Sep 2015
- Date Last Updated: 10 Sep 2015
- Document Revision: 61
If you have feedback, comments, or additional information about this vulnerability, please send us email.