Join THREATCON1 in Reston, VA - September 21-22, 2025.
Register for Free
Products
Government
Resources
Community
Company
Partners
Sign In / Join
Sign In
Advisories
General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page
Go Back
severity
critical
date
September 19, 2025
Affecting
CAS 20201208 < 20220725.22 (mainline)
CAS 20201208 < 20220531.38 (backport)
CVE
CVE-2022-4980
CVE type
Missing Authentication for Critical Function
CVSS
9.3
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
References
Vendor Advisory / Exploitation Disclosure
Hacker News
INCIBE-CERT