Impero Software Education Pro classroom management software is vulnerable to remote code execution via improper encryption and authentication mechanisms.
CWE-321: Use of Hard-coded Cryptographic Key
CWE-329: Not Using a Random IV with CBC Mode - CVE-2015-5997
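The two weaknesses listed above, shown as an added example that is not taken from this advisory or from Impero's code: a hard-coded key combined with a fixed IV makes CBC encryption deterministic, so equal plaintext prefixes produce equal ciphertext blocks. The key, IV, messages and the toy Feistel block cipher (a stand-in for a real cipher such as AES) are all constructed for illustration.

```python
import hashlib, hmac, os

BLOCK = 16
HARDCODED_KEY = b"constructed-demo-key"  # constructed; identical in every install (CWE-321)
FIXED_IV = bytes(BLOCK)                  # constructed; never changes (CWE-329)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # 4-round Feistel network keyed with HMAC-SHA256: a toy stand-in, not AES.
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def cbc_encrypt(key, iv, plaintext):
    n = BLOCK - len(plaintext) % BLOCK   # PKCS#7 padding length
    data, out, prev = plaintext + bytes([n]) * n, b"", iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def weak_encrypt(msg):
    # Fixed key + fixed IV: the same message always gives the same ciphertext.
    return cbc_encrypt(HARDCODED_KEY, FIXED_IV, msg)

def hardened_encrypt(session_key, msg):
    # Per-session key and a fresh random IV, sent in front of the ciphertext.
    # A production design would use a vetted AEAD so messages are also authenticated.
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(session_key, iv, msg)

def shared_prefix_blocks(a, b):
    # Number of leading 16-byte blocks that two ciphertexts have in common.
    n = 0
    while a[n * BLOCK:(n + 1) * BLOCK] and a[n * BLOCK:(n + 1) * BLOCK] == b[n * BLOCK:(n + 1) * BLOCK]:
        n += 1
    return n

if __name__ == "__main__":
    m1, m2 = b"A" * 32 + b"one", b"A" * 32 + b"two"   # constructed messages
    key = os.urandom(32)
    print("weak:", shared_prefix_blocks(weak_encrypt(m1), weak_encrypt(m2)))
    print("hardened:", shared_prefix_blocks(hardened_encrypt(key, m1), hardened_encrypt(key, m2)))
```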
A remote unauthenticated attacker may be able to execute commands on the machine running Impero.
Apply an update
Thanks to slipstream/RoL for reporting this vulnerability.
This document was written by Garret Wassermann.