Skip to main content

Anviz Crosschex Standard CVE-2026-32650

| EUVDEUVD-2026-23508 HIGH
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') (CWE-757)
2026-04-17 icscert
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 17, 2026 - 20:38 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 20:15 euvd
EUVD-2026-23508
Analysis Generated
Apr 17, 2026 - 20:15 vuln.today
CVE Published
Apr 17, 2026 - 19:52 nvd
HIGH 7.5

DescriptionCVE.org

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

AnalysisAI

Anviz CrossChex Standard time and attendance software transmits database credentials in plaintext when attackers downgrade TDS7 PreLogin protocol encryption, enabling remote unauthenticated access to backend databases containing employee data and access control records. CVSS 7.5 (High) with network attack vector and no prerequisites. Reported by CISA ICS-CERT, indicating industrial/physical security context. EPSS and KEV status not provided in available data.

Technical ContextAI

This vulnerability targets the Tabular Data Stream (TDS) protocol version 7, which Microsoft SQL Server and compatible databases use for client-server communication. TDS7's PreLogin handshake negotiates encryption settings before authentication. The flaw (CWE-757: Selection of Less-Secure Algorithm During Negotiation) allows attackers to force protocol downgrade by manipulating PreLogin packets to disable encryption entirely. Once downgraded, authentication credentials transit unencrypted over the network. Anviz CrossChex Standard is workforce management software commonly deployed in physical access control and time-tracking systems across critical infrastructure sectors. The affected CPE indicates all versions of the standard edition are vulnerable, though specific version ranges are not enumerated in available data.

RemediationAI

Contact Anviz directly via https://www.anviz.com/contact-us.html to obtain patched software versions, as no specific fix version is documented in available references. Review CISA advisory ICSA-26-106-03 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03 for updated mitigation guidance. Immediate compensating controls: enforce TLS/IPsec encryption at network layer for all traffic to/from CrossChex database servers, ensuring TDS-level encryption failures do not expose credentials (note: adds operational complexity and may impact legacy client compatibility). Restrict database server network access to management VLANs using firewall rules, blocking untrusted network segments from reaching TCP port 1433 or configured SQL Server ports (verify application functionality with restricted access before production deployment). Implement network intrusion detection rules to alert on TDS PreLogin packets with encryption disabled flags. Rotate all database credentials immediately and audit logs for unauthorized access attempts. These workarounds reduce but do not eliminate risk, as management network compromise still enables exploitation.

Share

CVE-2026-32650 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy