Azure Access BLU-IC2 and BLU-IC4 Missing Initial Password Change Vulnerability

Vulnerability

A vulnerability exists in Azure Access BLU-IC2 and BLU-IC4 products, all versions through 1.19.5, due to a missing initial password change requirement. This oversight can lead to unauthorized access or use of the device, as users may not be prompted to change default passwords, potentially allowing for exploitation or misuse.

Impact

The lack of an initial password change requirement can result in unauthorized access to the device, as users may retain default passwords that can be easily exploited.

Added: Oct 26, 2025, 5:17 PM

Updated: Oct 26, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Azure Access BLU-IC2 and BLU-IC4 Missing Initial Password Change Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating