CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2023-20214 (GCVE-0-2023-20214)
Vulnerability from cvelistv5 – Published: 2023-08-03 21:24 – Updated: 2024-08-02 09:05
VLAI
Summary
A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.
Severity
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco SD-WAN vManage |
Affected:
20.6.4
Affected: 20.6.5 Affected: 20.6.5.1 Affected: 20.6.4.1 Affected: 20.6.5.2 Affected: 20.6.5.4 Affected: 20.6.3.3 Affected: 20.6.4.0.21 Affected: 20.6.5.1.10 Affected: 20.6.5.1.11 Affected: 20.6.5.1.7 Affected: 20.6.5.1.9 Affected: 20.6.5.2.4 Affected: 20.6.5.2.8 Affected: 20.6.5.1.13 Affected: 20.7.1 Affected: 20.7.1.1 Affected: 20.7.2 Affected: 20.8.1 Affected: 20.9.1 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.9.3 Affected: 20.9.3.1 Affected: 20.9.2.3 Affected: 20.9.3.0.12 Affected: 20.9.3.0.16 Affected: 20.9.3.0.17 Affected: 20.9.3.0.18 Affected: 20.9.3.0.20 Affected: 20.9.3.0.21 Affected: 20.9.3.0.23 Affected: 20.10.1 Affected: 20.10.1.1 Affected: 20.11.1 Affected: 20.11.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-vmanage-unauthapi-sphCLYPA",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco SD-WAN vManage",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.\r\n\r This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:19.903Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-vmanage-unauthapi-sphCLYPA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA"
}
],
"source": {
"advisory": "cisco-sa-vmanage-unauthapi-sphCLYPA",
"defects": [
"CSCwf76218",
"CSCwf82344"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20214",
"datePublished": "2023-08-03T21:24:57.888Z",
"dateReserved": "2022-10-27T18:47:50.367Z",
"dateUpdated": "2024-08-02T09:05:36.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20238 (GCVE-0-2023-20238)
Vulnerability from cvelistv5 – Published: 2023-09-06 17:08 – Updated: 2025-12-16 18:23
VLAI
Summary
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco BroadWorks |
Affected:
23.0
Affected: 23.0 ap383785 Affected: 23.0 ap382487 Affected: 23.0 ap381781 Affected: 23.0 ap360007 Affected: 23.0 ap369295 Affected: 23.0 ap366358 Affected: 23.0 ap366677 Affected: 23.0 ap366803 Affected: 23.0 ap363128 Affected: 23.0 ap369529 Affected: 23.0 ap368445 Affected: 23.0 ap369227 Affected: 23.0 ap367332 Affected: 23.0 ap369881 Affected: 23.0 ap367874 Affected: 23.0 ap367974 Affected: 23.0 ap367998 Affected: 23.0 ap372337 Affected: 23.0 ap372706 Affected: 23.0 ap370193 Affected: 23.0 ap372389 Affected: 23.0 ap372708 Affected: 23.0 ap370911 Affected: 23.0 ap371681 Affected: 23.0 ap370952 Affected: 23.0 ap371436 Affected: 23.0 ap371155 Affected: 23.0 ap371682 Affected: 23.0 ap371775 Affected: 23.0 ap375449 Affected: 23.0 ap375720 Affected: 23.0 ap375661 Affected: 23.0 ap375097 Affected: 23.0 ap373562 Affected: 23.0 ap373015 Affected: 23.0 ap374971 Affected: 23.0 ap373034 Affected: 23.0 ap374324 Affected: 23.0 ap373899 Affected: 23.0 ap376041 Affected: 23.0 ap375003 Affected: 23.0 ap373539 Affected: 23.0 ap376179 Affected: 23.0 ap373299 Affected: 23.0 ap375908 Affected: 23.0 ap373391 Affected: 23.0 ap376252 Affected: 23.0 ap376429 Affected: 23.0 ap376410 Affected: 23.0 ap376426 Affected: 23.0 ap376485 Affected: 23.0 ap376620 Affected: 23.0 ap378025 Affected: 23.0 ap376671 Affected: 23.0 ap376614 Affected: 23.0 ap377578 Affected: 23.0 ap377516 Affected: 23.0 ap377515 Affected: 23.0 ap377494 Affected: 23.0 ap377984 Affected: 23.0 ap378863 Affected: 23.0 ap378882 Affected: 23.0 ap378218 Affected: 23.0 ap380161 Affected: 23.0 ap378257 Affected: 23.0 ap379888 Affected: 23.0 ap379326 Affected: 23.0 ap377149 Affected: 23.0 ap380446 Affected: 23.0 ap380180 Affected: 23.0 ap376935 Affected: 23.0 ap380473 Affected: 23.0 ap381091 Affected: 23.0 ap380783 Affected: 23.0 ap380537 Affected: 23.0 ap380512 Affected: 23.0 ap381072 Affected: 23.0 ap381584 Affected: 23.0 ap381088 Affected: 23.0 ap382053 Affected: 23.0 ap382253 Affected: 23.0 ap382709 Affected: 23.0 ap382717 Affected: 23.0 ap381498 Affected: 23.0 ap382992 Affected: 23.0 ap383594 Affected: 23.0 ap383168 Affected: 23.0 ap382362 Affected: 23.0 ap384431 Affected: 23.0 ap384428 Affected: 22.0 Affected: 22.0 ap375345 Affected: 22.0 ap382358 Affected: 22.0 ap347741 Affected: 22.0 ap377577 Affected: 22.0 ap372243 Affected: 22.0 ap372504 Affected: 22.0 ap360116 Affected: 22.0 ap368125 Affected: 22.0 ap367732 Affected: 22.0 ap357506 Affected: 22.0 ap380486 Affected: 22.0 ap379780 Affected: 22.0 ap351263 Affected: 22.0 ap366916 Affected: 22.0 ap363363 Affected: 22.0 ap374507 Affected: 22.0 ap372845 Affected: 22.0 ap373684 Affected: 22.0 ap366898 Affected: 22.0 ap368180 Affected: 22.0 ap366882 Affected: 22.0 ap369774 Affected: 22.0 ap374269 Affected: 22.0 ap365223 Affected: 22.0 ap359972 Affected: 22.0 ap359433 Affected: 22.0 ap359991 Affected: 22.0 ap358357 Affected: 22.0 ap360244 Affected: 22.0 ap369931 Affected: 22.0 ap367874 Affected: 22.0 ap376710 Affected: 22.0 ap342836 Affected: 22.0 ap346307 Affected: 22.0 ap345032 Affected: 22.0 ap354070 Affected: 22.0 ap354069 Affected: 22.0 ap353915 Affected: 22.0 ap349201 Affected: 22.0 ap350217 Affected: 22.0 ap350179 Affected: 22.0 ap354313 Affected: 22.0 ap354098 Affected: 22.0 ap353975 Affected: 22.0 ap348945 Affected: 22.0 ap354090 Affected: 22.0 ap350573 Affected: 22.0 ap352516 Affected: 22.0 ap352109 Affected: 22.0 ap353384 Affected: 22.0 ap353490 Affected: 22.0 ap352962 Affected: 22.0 ap352703 Affected: 22.0 ap353418 Affected: 22.0 ap351700 Affected: 22.0 ap352205 Affected: 22.0 ap353360 Affected: 22.0 ap352932 Affected: 22.0 ap354921 Affected: 22.0 ap352726 Affected: 22.0 ap355757 Affected: 22.0 ap352972 Affected: 22.0 ap353577 Affected: 22.0 ap356603 Affected: 22.0 ap355894 Affected: 22.0 ap355385 Affected: 22.0 ap353311 Affected: 22.0 ap355300 Affected: 22.0 ap355083 Affected: 22.0 ap357047 Affected: 22.0 ap353681 Affected: 22.0 ap356848 Affected: 22.0 ap356706 Affected: 22.0 ap356474 Affected: 22.0 ap355091 Affected: 22.0 ap354785 Affected: 22.0 ap355905 Affected: 22.0 ap355365 Affected: 22.0 ap356359 Affected: 22.0 ap356434 Affected: 22.0 ap354936 Affected: 22.0 ap355285 Affected: 22.0 ap355674 Affected: 22.0 ap355922 Affected: 22.0 ap354597 Affected: 22.0 ap356458 Affected: 22.0 ap356140 Affected: 22.0 ap354413 Affected: 22.0 ap357400 Affected: 22.0 ap357632 Affected: 22.0 ap356390 Affected: 22.0 ap357607 Affected: 22.0 ap357447 Affected: 22.0 ap357560 Affected: 22.0 ap357645 Affected: 22.0 ap357768 Affected: 22.0 ap357859 Affected: 22.0 ap357769 Affected: 22.0 ap358469 Affected: 22.0 ap359049 Affected: 22.0 ap358971 Affected: 22.0 ap358246 Affected: 22.0 ap358234 Affected: 22.0 ap359156 Affected: 22.0 ap359549 Affected: 22.0 ap358454 Affected: 22.0 ap358563 Affected: 22.0 ap360250 Affected: 22.0 ap360564 Affected: 22.0 ap358887 Affected: 22.0 ap359470 Affected: 22.0 ap359465 Affected: 22.0 ap359748 Affected: 22.0 ap360817 Affected: 22.0 ap360201 Affected: 22.0 ap361153 Affected: 22.0 ap360904 Affected: 22.0 ap359644 Affected: 22.0 ap359765 Affected: 22.0 ap360912 Affected: 22.0 ap360184 Affected: 22.0 ap361520 Affected: 22.0 ap362771 Affected: 22.0 ap361445 Affected: 22.0 ap361560 Affected: 22.0 ap362848 Affected: 22.0 ap361559 Affected: 22.0 ap361820 Affected: 22.0 ap361533 Affected: 22.0 ap362163 Affected: 22.0 ap362001 Affected: 22.0 ap362276 Affected: 22.0 ap362490 Affected: 22.0 ap361154 Affected: 22.0 ap362799 Affected: 22.0 ap363815 Affected: 22.0 ap362328 Affected: 22.0 ap363332 Affected: 22.0 ap368026 Affected: 22.0 ap363521 Affected: 22.0 ap364199 Affected: 22.0 ap363568 Affected: 22.0 ap363759 Affected: 22.0 ap363596 Affected: 22.0 ap366701 Affected: 22.0 ap366174 Affected: 22.0 ap363729 Affected: 22.0 ap363770 Affected: 22.0 ap366358 Affected: 22.0 ap366744 Affected: 22.0 ap366180 Affected: 22.0 ap366649 Affected: 22.0 ap365172 Affected: 22.0 ap365115 Affected: 22.0 ap366656 Affected: 22.0 ap364521 Affected: 22.0 ap364844 Affected: 22.0 ap364781 Affected: 22.0 ap365146 Affected: 22.0 ap364797 Affected: 22.0 ap364932 Affected: 22.0 ap365545 Affected: 22.0 ap365800 Affected: 22.0 ap365173 Affected: 22.0 ap364473 Affected: 22.0 ap365400 Affected: 22.0 ap367396 Affected: 22.0 ap365632 Affected: 22.0 ap365905 Affected: 22.0 ap367109 Affected: 22.0 ap365449 Affected: 22.0 ap365685 Affected: 22.0 ap367434 Affected: 22.0 ap365597 Affected: 22.0 ap365801 Affected: 22.0 ap365730 Affected: 22.0 ap365758 Affected: 22.0 ap365920 Affected: 22.0 ap371313 Affected: 22.0 ap367291 Affected: 22.0 ap365727 Affected: 22.0 ap367524 Affected: 22.0 ap371587 Affected: 22.0 ap367453 Affected: 22.0 ap365601 Affected: 22.0 ap365779 Affected: 22.0 ap371871 Affected: 22.0 ap371437 Affected: 22.0 ap372043 Affected: 22.0 ap372016 Affected: 22.0 ap367367 Affected: 22.0 ap372072 Affected: 22.0 ap372177 Affected: 22.0 ap371681 Affected: 22.0 ap372354 Affected: 22.0 ap371656 Affected: 22.0 ap371033 Affected: 22.0 ap371583 Affected: 22.0 ap371911 Affected: 22.0 ap371467 Affected: 22.0 ap372371 Affected: 22.0 ap368695 Affected: 22.0 ap368913 Affected: 22.0 ap368987 Affected: 22.0 ap372024 Affected: 22.0 ap372152 Affected: 22.0 ap371961 Affected: 22.0 ap369674 Affected: 22.0 ap369173 Affected: 22.0 ap369863 Affected: 22.0 ap369641 Affected: 22.0 ap368604 Affected: 22.0 ap368087 Affected: 22.0 ap368216 Affected: 22.0 ap369934 Affected: 22.0 ap368326 Affected: 22.0 ap369219 Affected: 22.0 ap369227 Affected: 22.0 ap368422 Affected: 22.0 ap369881 Affected: 22.0 ap369550 Affected: 22.0 ap369668 Affected: 22.0 ap369571 Affected: 22.0 ap372433 Affected: 22.0 ap370654 Affected: 22.0 ap370138 Affected: 22.0 ap370615 Affected: 22.0 ap372643 Affected: 22.0 ap372708 Affected: 22.0 ap370590 Affected: 22.0 ap372390 Affected: 22.0 ap372757 Affected: 22.0 ap370636 Affected: 22.0 ap372750 Affected: 22.0 ap372706 Affected: 22.0 ap370269 Affected: 22.0 ap370180 Affected: 22.0 ap370675 Affected: 22.0 ap370737 Affected: 22.0 ap370424 Affected: 22.0 ap370544 Affected: 22.0 ap374339 Affected: 22.0 ap370459 Affected: 22.0 ap370545 Affected: 22.0 ap370389 Affected: 22.0 ap374803 Affected: 22.0 ap370358 Affected: 22.0 ap373539 Affected: 22.0 ap373118 Affected: 22.0 ap373855 Affected: 22.0 ap373820 Affected: 22.0 ap373438 Affected: 22.0 ap374660 Affected: 22.0 ap373018 Affected: 22.0 ap373954 Affected: 22.0 ap374230 Affected: 22.0 ap374330 Affected: 22.0 ap374460 Affected: 22.0 ap372956 Affected: 22.0 ap373111 Affected: 22.0 ap374114 Affected: 22.0 ap373122 Affected: 22.0 ap373108 Affected: 22.0 ap374356 Affected: 22.0 ap375069 Affected: 22.0 ap373899 Affected: 22.0 ap374971 Affected: 22.0 ap375862 Affected: 22.0 ap375354 Affected: 22.0 ap375688 Affected: 22.0 ap373046 Affected: 22.0 ap373452 Affected: 22.0 ap374334 Affected: 22.0 ap374428 Affected: 22.0 ap374596 Affected: 22.0 ap372963 Affected: 22.0 ap376041 Affected: 22.0 ap376410 Affected: 22.0 ap376298 Affected: 22.0 ap372799 Affected: 22.0 ap376181 Affected: 22.0 ap375090 Affected: 22.0 ap376416 Affected: 22.0 ap373098 Affected: 22.0 ap375937 Affected: 22.0 ap376531 Affected: 22.0 ap375465 Affected: 22.0 ap376100 Affected: 22.0 ap375634 Affected: 22.0 ap375091 Affected: 22.0 ap375018 Affected: 22.0 ap375743 Affected: 22.0 ap375383 Affected: 22.0 ap375719 Affected: 22.0 ap376614 Affected: 22.0 ap376541 Affected: 22.0 ap375685 Affected: 22.0 ap374895 Affected: 22.0 ap376429 Affected: 22.0 ap379838 Affected: 22.0 ap380187 Affected: 22.0 ap380143 Affected: 22.0 ap379972 Affected: 22.0 ap380535 Affected: 22.0 ap380117 Affected: 22.0 ap380473 Affected: 22.0 ap375924 Affected: 22.0 ap379833 Affected: 22.0 ap376661 Affected: 22.0 ap380041 Affected: 22.0 ap380391 Affected: 22.0 ap379795 Affected: 22.0 ap376701 Affected: 22.0 ap376668 Affected: 22.0 ap377384 Affected: 22.0 ap377480 Affected: 22.0 ap377581 Affected: 22.0 ap376652 Affected: 22.0 ap376620 Affected: 22.0 ap378405 Affected: 22.0 ap377494 Affected: 22.0 ap378440 Affected: 22.0 ap378581 Affected: 22.0 ap377307 Affected: 22.0 ap377566 Affected: 22.0 ap378585 Affected: 22.0 ap377149 Affected: 22.0 ap378471 Affected: 22.0 ap377412 Affected: 22.0 ap377068 Affected: 22.0 ap377757 Affected: 22.0 ap378332 Affected: 22.0 ap379016 Affected: 22.0 ap378866 Affected: 22.0 ap378079 Affected: 22.0 ap378509 Affected: 22.0 ap378953 Affected: 22.0 ap377779 Affected: 22.0 ap379008 Affected: 22.0 ap379694 Affected: 22.0 ap379597 Affected: 22.0 ap378882 Affected: 22.0 ap379389 Affected: 22.0 ap379487 Affected: 22.0 ap379374 Affected: 22.0 ap380771 Affected: 22.0 ap381594 Affected: 22.0 ap381243 Affected: 22.0 ap380629 Affected: 22.0 ap380751 Affected: 22.0 ap382158 Affected: 22.0 ap378999 Affected: 22.0 ap381136 Affected: 22.0 ap382240 Affected: 22.0 ap382362 Affected: 22.0 ap382192 Affected: 22.0 ap381091 Affected: 22.0 ap382251 Affected: 22.0 ap381732 Affected: 22.0 ap381584 Affected: 22.0 ap381118 Affected: 22.0 ap382717 Affected: 22.0 ap383569 Affected: 22.0 ap382487 Affected: 22.0 ap383002 Affected: 22.0 ap382434 Affected: 22.0 ap383170 Affected: 22.0 ap383309 Affected: 22.0 ap383514 Affected: 22.0 ap383710 Affected: 22.0 ap382977 Affected: 22.0 ap382488 Affected: 22.0 ap383134 Affected: 22.0 ap359429 Affected: 21.sp1 ap351795 Affected: 21.sp1 ap348143 Affected: 21.sp1 ap351216 Affected: 21.sp1 ap339376 Affected: 21.sp1 ap358132 Affected: 21.sp1 ap355717 Affected: 21.sp1 ap346074 Affected: 21.sp1 ap373102 Affected: 21.sp1 ap235252 Affected: 21.sp1 ap242300 Affected: 21.sp1 ap338964 Affected: 21.sp1 ap339196 Affected: 21.sp1 ap341645 Affected: 21.sp1 ap341897 Affected: 21.sp1 ap342461 Affected: 21.sp1 ap342625 Affected: 21.sp1 ap342755 Affected: 21.sp1 ap342853 Affected: 21.sp1 ap343352 Affected: 21.sp1 ap344270 Affected: 21.sp1 ap344479 Affected: 21.sp1 ap344681 Affected: 21.sp1 ap345054 Affected: 21.sp1 ap345293 Affected: 21.sp1 ap345755 Affected: 21.sp1 ap348472 Affected: 21.sp1 ap349222 Affected: 21.sp1 ap350050 Affected: 21.sp1 ap350189 Affected: 21.sp1 ap351248 Affected: 21.sp1 ap351295 Affected: 21.sp1 ap351530 Affected: 21.sp1 ap351754 Affected: 21.sp1 ap351898 Affected: 21.sp1 ap352082 Affected: 21.sp1 ap352205 Affected: 21.sp1 ap352972 Affected: 21.sp1 ap353418 Affected: 21.sp1 ap353841 Affected: 21.sp1 ap354707 Affected: 21.sp1 ap356271 Affected: 21.sp1 ap356787 Affected: 21.sp1 ap357574 Affected: 21.sp1 ap358730 Affected: 21.sp1 ap360211 Affected: 21.sp1 ap360306 Affected: 21.sp1 ap361420 Affected: 21.sp1 ap365379 Affected: 21.sp1 ap365390 Affected: 21.sp1 ap366348 Affected: 21.sp1 ap374822 Affected: 21.sp1 ap375026 Affected: 21.sp1 ap375053 Affected: 21.0 ap349066 Affected: 21.0 ap364358 Affected: 21.0 ap362637 Affected: 21.0 ap342145 Affected: 21.0 ap357571 Affected: 21.0 ap362825 Affected: 21.0 ap361559 Affected: 21.0 ap339395 Affected: 21.0 ap348945 Affected: 21.0 ap346902 Affected: 21.0 ap350308 Affected: 21.0 ap363301 Affected: 21.0 ap349850 Affected: 21.0 ap344752 Affected: 21.0 ap347640 Affected: 21.0 ap350111 Affected: 21.0 ap355616 Affected: 21.0 ap353841 Affected: 21.0 ap346128 Affected: 21.0 ap350204 Affected: 21.0 ap341897 Affected: 21.0 ap347064 Affected: 21.0 ap350032 Affected: 21.0 ap351261 Affected: 21.0 ap352182 Affected: 21.0 ap350760 Affected: 21.0 ap363408 Affected: 21.sp1 ap340545 Affected: 21.sp1 ap341683 Affected: 21.sp1 ap341909 Affected: 21.sp1 ap342214 Affected: 21.sp1 ap344301 Affected: 21.sp1 ap344783 Affected: 21.sp1 ap346270 Affected: 21.sp1 ap346351 Affected: 21.sp1 ap347928 Affected: 21.sp1 ap349517 Affected: 21.sp1 ap349090 Affected: 21.sp1 ap351315 Affected: 21.sp1 ap352304 Affected: 21.sp1 ap351738 Affected: 21.sp1 ap354194 Affected: 21.sp1 ap357347 Affected: 21.sp1 ap364778 Affected: 21.sp1 ap372422 Affected: 21.sp1 ap371281 Affected: 21.sp1 ap370908 Affected: 21.sp1 ap379493 Affected: 21.sp1 ap380506 Affected: 21.sp9 ap360116 Affected: 21.sp9 ap367207 Affected: RI.2021.02 Affected: RI.2021.08 Affected: RI.2021.09 Affected: RI.2021.10 Affected: RI.2021.11 Affected: RI.2021.12 Affected: RI.2022.02 Affected: RI.2022.03 Affected: RI.2022.04 Affected: RI.2022.07 Affected: RI.2022.06 Affected: RI.2022.05 Affected: RI.2022.08 Affected: RI.2022.09 Affected: RI.2022.10 Affected: RI.2022.12 Affected: RI.2023.01 Affected: RI.2023.03 Affected: RI.2023.02 Affected: RI.2023.04 Affected: RI.2023.05 Affected: RI.2023.07 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-bw-auth-bypass-kCggMWhX",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:38:47.577160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:20.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco BroadWorks",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "23.0"
},
{
"status": "affected",
"version": "23.0 ap383785"
},
{
"status": "affected",
"version": "23.0 ap382487"
},
{
"status": "affected",
"version": "23.0 ap381781"
},
{
"status": "affected",
"version": "23.0 ap360007"
},
{
"status": "affected",
"version": "23.0 ap369295"
},
{
"status": "affected",
"version": "23.0 ap366358"
},
{
"status": "affected",
"version": "23.0 ap366677"
},
{
"status": "affected",
"version": "23.0 ap366803"
},
{
"status": "affected",
"version": "23.0 ap363128"
},
{
"status": "affected",
"version": "23.0 ap369529"
},
{
"status": "affected",
"version": "23.0 ap368445"
},
{
"status": "affected",
"version": "23.0 ap369227"
},
{
"status": "affected",
"version": "23.0 ap367332"
},
{
"status": "affected",
"version": "23.0 ap369881"
},
{
"status": "affected",
"version": "23.0 ap367874"
},
{
"status": "affected",
"version": "23.0 ap367974"
},
{
"status": "affected",
"version": "23.0 ap367998"
},
{
"status": "affected",
"version": "23.0 ap372337"
},
{
"status": "affected",
"version": "23.0 ap372706"
},
{
"status": "affected",
"version": "23.0 ap370193"
},
{
"status": "affected",
"version": "23.0 ap372389"
},
{
"status": "affected",
"version": "23.0 ap372708"
},
{
"status": "affected",
"version": "23.0 ap370911"
},
{
"status": "affected",
"version": "23.0 ap371681"
},
{
"status": "affected",
"version": "23.0 ap370952"
},
{
"status": "affected",
"version": "23.0 ap371436"
},
{
"status": "affected",
"version": "23.0 ap371155"
},
{
"status": "affected",
"version": "23.0 ap371682"
},
{
"status": "affected",
"version": "23.0 ap371775"
},
{
"status": "affected",
"version": "23.0 ap375449"
},
{
"status": "affected",
"version": "23.0 ap375720"
},
{
"status": "affected",
"version": "23.0 ap375661"
},
{
"status": "affected",
"version": "23.0 ap375097"
},
{
"status": "affected",
"version": "23.0 ap373562"
},
{
"status": "affected",
"version": "23.0 ap373015"
},
{
"status": "affected",
"version": "23.0 ap374971"
},
{
"status": "affected",
"version": "23.0 ap373034"
},
{
"status": "affected",
"version": "23.0 ap374324"
},
{
"status": "affected",
"version": "23.0 ap373899"
},
{
"status": "affected",
"version": "23.0 ap376041"
},
{
"status": "affected",
"version": "23.0 ap375003"
},
{
"status": "affected",
"version": "23.0 ap373539"
},
{
"status": "affected",
"version": "23.0 ap376179"
},
{
"status": "affected",
"version": "23.0 ap373299"
},
{
"status": "affected",
"version": "23.0 ap375908"
},
{
"status": "affected",
"version": "23.0 ap373391"
},
{
"status": "affected",
"version": "23.0 ap376252"
},
{
"status": "affected",
"version": "23.0 ap376429"
},
{
"status": "affected",
"version": "23.0 ap376410"
},
{
"status": "affected",
"version": "23.0 ap376426"
},
{
"status": "affected",
"version": "23.0 ap376485"
},
{
"status": "affected",
"version": "23.0 ap376620"
},
{
"status": "affected",
"version": "23.0 ap378025"
},
{
"status": "affected",
"version": "23.0 ap376671"
},
{
"status": "affected",
"version": "23.0 ap376614"
},
{
"status": "affected",
"version": "23.0 ap377578"
},
{
"status": "affected",
"version": "23.0 ap377516"
},
{
"status": "affected",
"version": "23.0 ap377515"
},
{
"status": "affected",
"version": "23.0 ap377494"
},
{
"status": "affected",
"version": "23.0 ap377984"
},
{
"status": "affected",
"version": "23.0 ap378863"
},
{
"status": "affected",
"version": "23.0 ap378882"
},
{
"status": "affected",
"version": "23.0 ap378218"
},
{
"status": "affected",
"version": "23.0 ap380161"
},
{
"status": "affected",
"version": "23.0 ap378257"
},
{
"status": "affected",
"version": "23.0 ap379888"
},
{
"status": "affected",
"version": "23.0 ap379326"
},
{
"status": "affected",
"version": "23.0 ap377149"
},
{
"status": "affected",
"version": "23.0 ap380446"
},
{
"status": "affected",
"version": "23.0 ap380180"
},
{
"status": "affected",
"version": "23.0 ap376935"
},
{
"status": "affected",
"version": "23.0 ap380473"
},
{
"status": "affected",
"version": "23.0 ap381091"
},
{
"status": "affected",
"version": "23.0 ap380783"
},
{
"status": "affected",
"version": "23.0 ap380537"
},
{
"status": "affected",
"version": "23.0 ap380512"
},
{
"status": "affected",
"version": "23.0 ap381072"
},
{
"status": "affected",
"version": "23.0 ap381584"
},
{
"status": "affected",
"version": "23.0 ap381088"
},
{
"status": "affected",
"version": "23.0 ap382053"
},
{
"status": "affected",
"version": "23.0 ap382253"
},
{
"status": "affected",
"version": "23.0 ap382709"
},
{
"status": "affected",
"version": "23.0 ap382717"
},
{
"status": "affected",
"version": "23.0 ap381498"
},
{
"status": "affected",
"version": "23.0 ap382992"
},
{
"status": "affected",
"version": "23.0 ap383594"
},
{
"status": "affected",
"version": "23.0 ap383168"
},
{
"status": "affected",
"version": "23.0 ap382362"
},
{
"status": "affected",
"version": "23.0 ap384431"
},
{
"status": "affected",
"version": "23.0 ap384428"
},
{
"status": "affected",
"version": "22.0"
},
{
"status": "affected",
"version": "22.0 ap375345"
},
{
"status": "affected",
"version": "22.0 ap382358"
},
{
"status": "affected",
"version": "22.0 ap347741"
},
{
"status": "affected",
"version": "22.0 ap377577"
},
{
"status": "affected",
"version": "22.0 ap372243"
},
{
"status": "affected",
"version": "22.0 ap372504"
},
{
"status": "affected",
"version": "22.0 ap360116"
},
{
"status": "affected",
"version": "22.0 ap368125"
},
{
"status": "affected",
"version": "22.0 ap367732"
},
{
"status": "affected",
"version": "22.0 ap357506"
},
{
"status": "affected",
"version": "22.0 ap380486"
},
{
"status": "affected",
"version": "22.0 ap379780"
},
{
"status": "affected",
"version": "22.0 ap351263"
},
{
"status": "affected",
"version": "22.0 ap366916"
},
{
"status": "affected",
"version": "22.0 ap363363"
},
{
"status": "affected",
"version": "22.0 ap374507"
},
{
"status": "affected",
"version": "22.0 ap372845"
},
{
"status": "affected",
"version": "22.0 ap373684"
},
{
"status": "affected",
"version": "22.0 ap366898"
},
{
"status": "affected",
"version": "22.0 ap368180"
},
{
"status": "affected",
"version": "22.0 ap366882"
},
{
"status": "affected",
"version": "22.0 ap369774"
},
{
"status": "affected",
"version": "22.0 ap374269"
},
{
"status": "affected",
"version": "22.0 ap365223"
},
{
"status": "affected",
"version": "22.0 ap359972"
},
{
"status": "affected",
"version": "22.0 ap359433"
},
{
"status": "affected",
"version": "22.0 ap359991"
},
{
"status": "affected",
"version": "22.0 ap358357"
},
{
"status": "affected",
"version": "22.0 ap360244"
},
{
"status": "affected",
"version": "22.0 ap369931"
},
{
"status": "affected",
"version": "22.0 ap367874"
},
{
"status": "affected",
"version": "22.0 ap376710"
},
{
"status": "affected",
"version": "22.0 ap342836"
},
{
"status": "affected",
"version": "22.0 ap346307"
},
{
"status": "affected",
"version": "22.0 ap345032"
},
{
"status": "affected",
"version": "22.0 ap354070"
},
{
"status": "affected",
"version": "22.0 ap354069"
},
{
"status": "affected",
"version": "22.0 ap353915"
},
{
"status": "affected",
"version": "22.0 ap349201"
},
{
"status": "affected",
"version": "22.0 ap350217"
},
{
"status": "affected",
"version": "22.0 ap350179"
},
{
"status": "affected",
"version": "22.0 ap354313"
},
{
"status": "affected",
"version": "22.0 ap354098"
},
{
"status": "affected",
"version": "22.0 ap353975"
},
{
"status": "affected",
"version": "22.0 ap348945"
},
{
"status": "affected",
"version": "22.0 ap354090"
},
{
"status": "affected",
"version": "22.0 ap350573"
},
{
"status": "affected",
"version": "22.0 ap352516"
},
{
"status": "affected",
"version": "22.0 ap352109"
},
{
"status": "affected",
"version": "22.0 ap353384"
},
{
"status": "affected",
"version": "22.0 ap353490"
},
{
"status": "affected",
"version": "22.0 ap352962"
},
{
"status": "affected",
"version": "22.0 ap352703"
},
{
"status": "affected",
"version": "22.0 ap353418"
},
{
"status": "affected",
"version": "22.0 ap351700"
},
{
"status": "affected",
"version": "22.0 ap352205"
},
{
"status": "affected",
"version": "22.0 ap353360"
},
{
"status": "affected",
"version": "22.0 ap352932"
},
{
"status": "affected",
"version": "22.0 ap354921"
},
{
"status": "affected",
"version": "22.0 ap352726"
},
{
"status": "affected",
"version": "22.0 ap355757"
},
{
"status": "affected",
"version": "22.0 ap352972"
},
{
"status": "affected",
"version": "22.0 ap353577"
},
{
"status": "affected",
"version": "22.0 ap356603"
},
{
"status": "affected",
"version": "22.0 ap355894"
},
{
"status": "affected",
"version": "22.0 ap355385"
},
{
"status": "affected",
"version": "22.0 ap353311"
},
{
"status": "affected",
"version": "22.0 ap355300"
},
{
"status": "affected",
"version": "22.0 ap355083"
},
{
"status": "affected",
"version": "22.0 ap357047"
},
{
"status": "affected",
"version": "22.0 ap353681"
},
{
"status": "affected",
"version": "22.0 ap356848"
},
{
"status": "affected",
"version": "22.0 ap356706"
},
{
"status": "affected",
"version": "22.0 ap356474"
},
{
"status": "affected",
"version": "22.0 ap355091"
},
{
"status": "affected",
"version": "22.0 ap354785"
},
{
"status": "affected",
"version": "22.0 ap355905"
},
{
"status": "affected",
"version": "22.0 ap355365"
},
{
"status": "affected",
"version": "22.0 ap356359"
},
{
"status": "affected",
"version": "22.0 ap356434"
},
{
"status": "affected",
"version": "22.0 ap354936"
},
{
"status": "affected",
"version": "22.0 ap355285"
},
{
"status": "affected",
"version": "22.0 ap355674"
},
{
"status": "affected",
"version": "22.0 ap355922"
},
{
"status": "affected",
"version": "22.0 ap354597"
},
{
"status": "affected",
"version": "22.0 ap356458"
},
{
"status": "affected",
"version": "22.0 ap356140"
},
{
"status": "affected",
"version": "22.0 ap354413"
},
{
"status": "affected",
"version": "22.0 ap357400"
},
{
"status": "affected",
"version": "22.0 ap357632"
},
{
"status": "affected",
"version": "22.0 ap356390"
},
{
"status": "affected",
"version": "22.0 ap357607"
},
{
"status": "affected",
"version": "22.0 ap357447"
},
{
"status": "affected",
"version": "22.0 ap357560"
},
{
"status": "affected",
"version": "22.0 ap357645"
},
{
"status": "affected",
"version": "22.0 ap357768"
},
{
"status": "affected",
"version": "22.0 ap357859"
},
{
"status": "affected",
"version": "22.0 ap357769"
},
{
"status": "affected",
"version": "22.0 ap358469"
},
{
"status": "affected",
"version": "22.0 ap359049"
},
{
"status": "affected",
"version": "22.0 ap358971"
},
{
"status": "affected",
"version": "22.0 ap358246"
},
{
"status": "affected",
"version": "22.0 ap358234"
},
{
"status": "affected",
"version": "22.0 ap359156"
},
{
"status": "affected",
"version": "22.0 ap359549"
},
{
"status": "affected",
"version": "22.0 ap358454"
},
{
"status": "affected",
"version": "22.0 ap358563"
},
{
"status": "affected",
"version": "22.0 ap360250"
},
{
"status": "affected",
"version": "22.0 ap360564"
},
{
"status": "affected",
"version": "22.0 ap358887"
},
{
"status": "affected",
"version": "22.0 ap359470"
},
{
"status": "affected",
"version": "22.0 ap359465"
},
{
"status": "affected",
"version": "22.0 ap359748"
},
{
"status": "affected",
"version": "22.0 ap360817"
},
{
"status": "affected",
"version": "22.0 ap360201"
},
{
"status": "affected",
"version": "22.0 ap361153"
},
{
"status": "affected",
"version": "22.0 ap360904"
},
{
"status": "affected",
"version": "22.0 ap359644"
},
{
"status": "affected",
"version": "22.0 ap359765"
},
{
"status": "affected",
"version": "22.0 ap360912"
},
{
"status": "affected",
"version": "22.0 ap360184"
},
{
"status": "affected",
"version": "22.0 ap361520"
},
{
"status": "affected",
"version": "22.0 ap362771"
},
{
"status": "affected",
"version": "22.0 ap361445"
},
{
"status": "affected",
"version": "22.0 ap361560"
},
{
"status": "affected",
"version": "22.0 ap362848"
},
{
"status": "affected",
"version": "22.0 ap361559"
},
{
"status": "affected",
"version": "22.0 ap361820"
},
{
"status": "affected",
"version": "22.0 ap361533"
},
{
"status": "affected",
"version": "22.0 ap362163"
},
{
"status": "affected",
"version": "22.0 ap362001"
},
{
"status": "affected",
"version": "22.0 ap362276"
},
{
"status": "affected",
"version": "22.0 ap362490"
},
{
"status": "affected",
"version": "22.0 ap361154"
},
{
"status": "affected",
"version": "22.0 ap362799"
},
{
"status": "affected",
"version": "22.0 ap363815"
},
{
"status": "affected",
"version": "22.0 ap362328"
},
{
"status": "affected",
"version": "22.0 ap363332"
},
{
"status": "affected",
"version": "22.0 ap368026"
},
{
"status": "affected",
"version": "22.0 ap363521"
},
{
"status": "affected",
"version": "22.0 ap364199"
},
{
"status": "affected",
"version": "22.0 ap363568"
},
{
"status": "affected",
"version": "22.0 ap363759"
},
{
"status": "affected",
"version": "22.0 ap363596"
},
{
"status": "affected",
"version": "22.0 ap366701"
},
{
"status": "affected",
"version": "22.0 ap366174"
},
{
"status": "affected",
"version": "22.0 ap363729"
},
{
"status": "affected",
"version": "22.0 ap363770"
},
{
"status": "affected",
"version": "22.0 ap366358"
},
{
"status": "affected",
"version": "22.0 ap366744"
},
{
"status": "affected",
"version": "22.0 ap366180"
},
{
"status": "affected",
"version": "22.0 ap366649"
},
{
"status": "affected",
"version": "22.0 ap365172"
},
{
"status": "affected",
"version": "22.0 ap365115"
},
{
"status": "affected",
"version": "22.0 ap366656"
},
{
"status": "affected",
"version": "22.0 ap364521"
},
{
"status": "affected",
"version": "22.0 ap364844"
},
{
"status": "affected",
"version": "22.0 ap364781"
},
{
"status": "affected",
"version": "22.0 ap365146"
},
{
"status": "affected",
"version": "22.0 ap364797"
},
{
"status": "affected",
"version": "22.0 ap364932"
},
{
"status": "affected",
"version": "22.0 ap365545"
},
{
"status": "affected",
"version": "22.0 ap365800"
},
{
"status": "affected",
"version": "22.0 ap365173"
},
{
"status": "affected",
"version": "22.0 ap364473"
},
{
"status": "affected",
"version": "22.0 ap365400"
},
{
"status": "affected",
"version": "22.0 ap367396"
},
{
"status": "affected",
"version": "22.0 ap365632"
},
{
"status": "affected",
"version": "22.0 ap365905"
},
{
"status": "affected",
"version": "22.0 ap367109"
},
{
"status": "affected",
"version": "22.0 ap365449"
},
{
"status": "affected",
"version": "22.0 ap365685"
},
{
"status": "affected",
"version": "22.0 ap367434"
},
{
"status": "affected",
"version": "22.0 ap365597"
},
{
"status": "affected",
"version": "22.0 ap365801"
},
{
"status": "affected",
"version": "22.0 ap365730"
},
{
"status": "affected",
"version": "22.0 ap365758"
},
{
"status": "affected",
"version": "22.0 ap365920"
},
{
"status": "affected",
"version": "22.0 ap371313"
},
{
"status": "affected",
"version": "22.0 ap367291"
},
{
"status": "affected",
"version": "22.0 ap365727"
},
{
"status": "affected",
"version": "22.0 ap367524"
},
{
"status": "affected",
"version": "22.0 ap371587"
},
{
"status": "affected",
"version": "22.0 ap367453"
},
{
"status": "affected",
"version": "22.0 ap365601"
},
{
"status": "affected",
"version": "22.0 ap365779"
},
{
"status": "affected",
"version": "22.0 ap371871"
},
{
"status": "affected",
"version": "22.0 ap371437"
},
{
"status": "affected",
"version": "22.0 ap372043"
},
{
"status": "affected",
"version": "22.0 ap372016"
},
{
"status": "affected",
"version": "22.0 ap367367"
},
{
"status": "affected",
"version": "22.0 ap372072"
},
{
"status": "affected",
"version": "22.0 ap372177"
},
{
"status": "affected",
"version": "22.0 ap371681"
},
{
"status": "affected",
"version": "22.0 ap372354"
},
{
"status": "affected",
"version": "22.0 ap371656"
},
{
"status": "affected",
"version": "22.0 ap371033"
},
{
"status": "affected",
"version": "22.0 ap371583"
},
{
"status": "affected",
"version": "22.0 ap371911"
},
{
"status": "affected",
"version": "22.0 ap371467"
},
{
"status": "affected",
"version": "22.0 ap372371"
},
{
"status": "affected",
"version": "22.0 ap368695"
},
{
"status": "affected",
"version": "22.0 ap368913"
},
{
"status": "affected",
"version": "22.0 ap368987"
},
{
"status": "affected",
"version": "22.0 ap372024"
},
{
"status": "affected",
"version": "22.0 ap372152"
},
{
"status": "affected",
"version": "22.0 ap371961"
},
{
"status": "affected",
"version": "22.0 ap369674"
},
{
"status": "affected",
"version": "22.0 ap369173"
},
{
"status": "affected",
"version": "22.0 ap369863"
},
{
"status": "affected",
"version": "22.0 ap369641"
},
{
"status": "affected",
"version": "22.0 ap368604"
},
{
"status": "affected",
"version": "22.0 ap368087"
},
{
"status": "affected",
"version": "22.0 ap368216"
},
{
"status": "affected",
"version": "22.0 ap369934"
},
{
"status": "affected",
"version": "22.0 ap368326"
},
{
"status": "affected",
"version": "22.0 ap369219"
},
{
"status": "affected",
"version": "22.0 ap369227"
},
{
"status": "affected",
"version": "22.0 ap368422"
},
{
"status": "affected",
"version": "22.0 ap369881"
},
{
"status": "affected",
"version": "22.0 ap369550"
},
{
"status": "affected",
"version": "22.0 ap369668"
},
{
"status": "affected",
"version": "22.0 ap369571"
},
{
"status": "affected",
"version": "22.0 ap372433"
},
{
"status": "affected",
"version": "22.0 ap370654"
},
{
"status": "affected",
"version": "22.0 ap370138"
},
{
"status": "affected",
"version": "22.0 ap370615"
},
{
"status": "affected",
"version": "22.0 ap372643"
},
{
"status": "affected",
"version": "22.0 ap372708"
},
{
"status": "affected",
"version": "22.0 ap370590"
},
{
"status": "affected",
"version": "22.0 ap372390"
},
{
"status": "affected",
"version": "22.0 ap372757"
},
{
"status": "affected",
"version": "22.0 ap370636"
},
{
"status": "affected",
"version": "22.0 ap372750"
},
{
"status": "affected",
"version": "22.0 ap372706"
},
{
"status": "affected",
"version": "22.0 ap370269"
},
{
"status": "affected",
"version": "22.0 ap370180"
},
{
"status": "affected",
"version": "22.0 ap370675"
},
{
"status": "affected",
"version": "22.0 ap370737"
},
{
"status": "affected",
"version": "22.0 ap370424"
},
{
"status": "affected",
"version": "22.0 ap370544"
},
{
"status": "affected",
"version": "22.0 ap374339"
},
{
"status": "affected",
"version": "22.0 ap370459"
},
{
"status": "affected",
"version": "22.0 ap370545"
},
{
"status": "affected",
"version": "22.0 ap370389"
},
{
"status": "affected",
"version": "22.0 ap374803"
},
{
"status": "affected",
"version": "22.0 ap370358"
},
{
"status": "affected",
"version": "22.0 ap373539"
},
{
"status": "affected",
"version": "22.0 ap373118"
},
{
"status": "affected",
"version": "22.0 ap373855"
},
{
"status": "affected",
"version": "22.0 ap373820"
},
{
"status": "affected",
"version": "22.0 ap373438"
},
{
"status": "affected",
"version": "22.0 ap374660"
},
{
"status": "affected",
"version": "22.0 ap373018"
},
{
"status": "affected",
"version": "22.0 ap373954"
},
{
"status": "affected",
"version": "22.0 ap374230"
},
{
"status": "affected",
"version": "22.0 ap374330"
},
{
"status": "affected",
"version": "22.0 ap374460"
},
{
"status": "affected",
"version": "22.0 ap372956"
},
{
"status": "affected",
"version": "22.0 ap373111"
},
{
"status": "affected",
"version": "22.0 ap374114"
},
{
"status": "affected",
"version": "22.0 ap373122"
},
{
"status": "affected",
"version": "22.0 ap373108"
},
{
"status": "affected",
"version": "22.0 ap374356"
},
{
"status": "affected",
"version": "22.0 ap375069"
},
{
"status": "affected",
"version": "22.0 ap373899"
},
{
"status": "affected",
"version": "22.0 ap374971"
},
{
"status": "affected",
"version": "22.0 ap375862"
},
{
"status": "affected",
"version": "22.0 ap375354"
},
{
"status": "affected",
"version": "22.0 ap375688"
},
{
"status": "affected",
"version": "22.0 ap373046"
},
{
"status": "affected",
"version": "22.0 ap373452"
},
{
"status": "affected",
"version": "22.0 ap374334"
},
{
"status": "affected",
"version": "22.0 ap374428"
},
{
"status": "affected",
"version": "22.0 ap374596"
},
{
"status": "affected",
"version": "22.0 ap372963"
},
{
"status": "affected",
"version": "22.0 ap376041"
},
{
"status": "affected",
"version": "22.0 ap376410"
},
{
"status": "affected",
"version": "22.0 ap376298"
},
{
"status": "affected",
"version": "22.0 ap372799"
},
{
"status": "affected",
"version": "22.0 ap376181"
},
{
"status": "affected",
"version": "22.0 ap375090"
},
{
"status": "affected",
"version": "22.0 ap376416"
},
{
"status": "affected",
"version": "22.0 ap373098"
},
{
"status": "affected",
"version": "22.0 ap375937"
},
{
"status": "affected",
"version": "22.0 ap376531"
},
{
"status": "affected",
"version": "22.0 ap375465"
},
{
"status": "affected",
"version": "22.0 ap376100"
},
{
"status": "affected",
"version": "22.0 ap375634"
},
{
"status": "affected",
"version": "22.0 ap375091"
},
{
"status": "affected",
"version": "22.0 ap375018"
},
{
"status": "affected",
"version": "22.0 ap375743"
},
{
"status": "affected",
"version": "22.0 ap375383"
},
{
"status": "affected",
"version": "22.0 ap375719"
},
{
"status": "affected",
"version": "22.0 ap376614"
},
{
"status": "affected",
"version": "22.0 ap376541"
},
{
"status": "affected",
"version": "22.0 ap375685"
},
{
"status": "affected",
"version": "22.0 ap374895"
},
{
"status": "affected",
"version": "22.0 ap376429"
},
{
"status": "affected",
"version": "22.0 ap379838"
},
{
"status": "affected",
"version": "22.0 ap380187"
},
{
"status": "affected",
"version": "22.0 ap380143"
},
{
"status": "affected",
"version": "22.0 ap379972"
},
{
"status": "affected",
"version": "22.0 ap380535"
},
{
"status": "affected",
"version": "22.0 ap380117"
},
{
"status": "affected",
"version": "22.0 ap380473"
},
{
"status": "affected",
"version": "22.0 ap375924"
},
{
"status": "affected",
"version": "22.0 ap379833"
},
{
"status": "affected",
"version": "22.0 ap376661"
},
{
"status": "affected",
"version": "22.0 ap380041"
},
{
"status": "affected",
"version": "22.0 ap380391"
},
{
"status": "affected",
"version": "22.0 ap379795"
},
{
"status": "affected",
"version": "22.0 ap376701"
},
{
"status": "affected",
"version": "22.0 ap376668"
},
{
"status": "affected",
"version": "22.0 ap377384"
},
{
"status": "affected",
"version": "22.0 ap377480"
},
{
"status": "affected",
"version": "22.0 ap377581"
},
{
"status": "affected",
"version": "22.0 ap376652"
},
{
"status": "affected",
"version": "22.0 ap376620"
},
{
"status": "affected",
"version": "22.0 ap378405"
},
{
"status": "affected",
"version": "22.0 ap377494"
},
{
"status": "affected",
"version": "22.0 ap378440"
},
{
"status": "affected",
"version": "22.0 ap378581"
},
{
"status": "affected",
"version": "22.0 ap377307"
},
{
"status": "affected",
"version": "22.0 ap377566"
},
{
"status": "affected",
"version": "22.0 ap378585"
},
{
"status": "affected",
"version": "22.0 ap377149"
},
{
"status": "affected",
"version": "22.0 ap378471"
},
{
"status": "affected",
"version": "22.0 ap377412"
},
{
"status": "affected",
"version": "22.0 ap377068"
},
{
"status": "affected",
"version": "22.0 ap377757"
},
{
"status": "affected",
"version": "22.0 ap378332"
},
{
"status": "affected",
"version": "22.0 ap379016"
},
{
"status": "affected",
"version": "22.0 ap378866"
},
{
"status": "affected",
"version": "22.0 ap378079"
},
{
"status": "affected",
"version": "22.0 ap378509"
},
{
"status": "affected",
"version": "22.0 ap378953"
},
{
"status": "affected",
"version": "22.0 ap377779"
},
{
"status": "affected",
"version": "22.0 ap379008"
},
{
"status": "affected",
"version": "22.0 ap379694"
},
{
"status": "affected",
"version": "22.0 ap379597"
},
{
"status": "affected",
"version": "22.0 ap378882"
},
{
"status": "affected",
"version": "22.0 ap379389"
},
{
"status": "affected",
"version": "22.0 ap379487"
},
{
"status": "affected",
"version": "22.0 ap379374"
},
{
"status": "affected",
"version": "22.0 ap380771"
},
{
"status": "affected",
"version": "22.0 ap381594"
},
{
"status": "affected",
"version": "22.0 ap381243"
},
{
"status": "affected",
"version": "22.0 ap380629"
},
{
"status": "affected",
"version": "22.0 ap380751"
},
{
"status": "affected",
"version": "22.0 ap382158"
},
{
"status": "affected",
"version": "22.0 ap378999"
},
{
"status": "affected",
"version": "22.0 ap381136"
},
{
"status": "affected",
"version": "22.0 ap382240"
},
{
"status": "affected",
"version": "22.0 ap382362"
},
{
"status": "affected",
"version": "22.0 ap382192"
},
{
"status": "affected",
"version": "22.0 ap381091"
},
{
"status": "affected",
"version": "22.0 ap382251"
},
{
"status": "affected",
"version": "22.0 ap381732"
},
{
"status": "affected",
"version": "22.0 ap381584"
},
{
"status": "affected",
"version": "22.0 ap381118"
},
{
"status": "affected",
"version": "22.0 ap382717"
},
{
"status": "affected",
"version": "22.0 ap383569"
},
{
"status": "affected",
"version": "22.0 ap382487"
},
{
"status": "affected",
"version": "22.0 ap383002"
},
{
"status": "affected",
"version": "22.0 ap382434"
},
{
"status": "affected",
"version": "22.0 ap383170"
},
{
"status": "affected",
"version": "22.0 ap383309"
},
{
"status": "affected",
"version": "22.0 ap383514"
},
{
"status": "affected",
"version": "22.0 ap383710"
},
{
"status": "affected",
"version": "22.0 ap382977"
},
{
"status": "affected",
"version": "22.0 ap382488"
},
{
"status": "affected",
"version": "22.0 ap383134"
},
{
"status": "affected",
"version": "22.0 ap359429"
},
{
"status": "affected",
"version": "21.sp1 ap351795"
},
{
"status": "affected",
"version": "21.sp1 ap348143"
},
{
"status": "affected",
"version": "21.sp1 ap351216"
},
{
"status": "affected",
"version": "21.sp1 ap339376"
},
{
"status": "affected",
"version": "21.sp1 ap358132"
},
{
"status": "affected",
"version": "21.sp1 ap355717"
},
{
"status": "affected",
"version": "21.sp1 ap346074"
},
{
"status": "affected",
"version": "21.sp1 ap373102"
},
{
"status": "affected",
"version": "21.sp1 ap235252"
},
{
"status": "affected",
"version": "21.sp1 ap242300"
},
{
"status": "affected",
"version": "21.sp1 ap338964"
},
{
"status": "affected",
"version": "21.sp1 ap339196"
},
{
"status": "affected",
"version": "21.sp1 ap341645"
},
{
"status": "affected",
"version": "21.sp1 ap341897"
},
{
"status": "affected",
"version": "21.sp1 ap342461"
},
{
"status": "affected",
"version": "21.sp1 ap342625"
},
{
"status": "affected",
"version": "21.sp1 ap342755"
},
{
"status": "affected",
"version": "21.sp1 ap342853"
},
{
"status": "affected",
"version": "21.sp1 ap343352"
},
{
"status": "affected",
"version": "21.sp1 ap344270"
},
{
"status": "affected",
"version": "21.sp1 ap344479"
},
{
"status": "affected",
"version": "21.sp1 ap344681"
},
{
"status": "affected",
"version": "21.sp1 ap345054"
},
{
"status": "affected",
"version": "21.sp1 ap345293"
},
{
"status": "affected",
"version": "21.sp1 ap345755"
},
{
"status": "affected",
"version": "21.sp1 ap348472"
},
{
"status": "affected",
"version": "21.sp1 ap349222"
},
{
"status": "affected",
"version": "21.sp1 ap350050"
},
{
"status": "affected",
"version": "21.sp1 ap350189"
},
{
"status": "affected",
"version": "21.sp1 ap351248"
},
{
"status": "affected",
"version": "21.sp1 ap351295"
},
{
"status": "affected",
"version": "21.sp1 ap351530"
},
{
"status": "affected",
"version": "21.sp1 ap351754"
},
{
"status": "affected",
"version": "21.sp1 ap351898"
},
{
"status": "affected",
"version": "21.sp1 ap352082"
},
{
"status": "affected",
"version": "21.sp1 ap352205"
},
{
"status": "affected",
"version": "21.sp1 ap352972"
},
{
"status": "affected",
"version": "21.sp1 ap353418"
},
{
"status": "affected",
"version": "21.sp1 ap353841"
},
{
"status": "affected",
"version": "21.sp1 ap354707"
},
{
"status": "affected",
"version": "21.sp1 ap356271"
},
{
"status": "affected",
"version": "21.sp1 ap356787"
},
{
"status": "affected",
"version": "21.sp1 ap357574"
},
{
"status": "affected",
"version": "21.sp1 ap358730"
},
{
"status": "affected",
"version": "21.sp1 ap360211"
},
{
"status": "affected",
"version": "21.sp1 ap360306"
},
{
"status": "affected",
"version": "21.sp1 ap361420"
},
{
"status": "affected",
"version": "21.sp1 ap365379"
},
{
"status": "affected",
"version": "21.sp1 ap365390"
},
{
"status": "affected",
"version": "21.sp1 ap366348"
},
{
"status": "affected",
"version": "21.sp1 ap374822"
},
{
"status": "affected",
"version": "21.sp1 ap375026"
},
{
"status": "affected",
"version": "21.sp1 ap375053"
},
{
"status": "affected",
"version": "21.0 ap349066"
},
{
"status": "affected",
"version": "21.0 ap364358"
},
{
"status": "affected",
"version": "21.0 ap362637"
},
{
"status": "affected",
"version": "21.0 ap342145"
},
{
"status": "affected",
"version": "21.0 ap357571"
},
{
"status": "affected",
"version": "21.0 ap362825"
},
{
"status": "affected",
"version": "21.0 ap361559"
},
{
"status": "affected",
"version": "21.0 ap339395"
},
{
"status": "affected",
"version": "21.0 ap348945"
},
{
"status": "affected",
"version": "21.0 ap346902"
},
{
"status": "affected",
"version": "21.0 ap350308"
},
{
"status": "affected",
"version": "21.0 ap363301"
},
{
"status": "affected",
"version": "21.0 ap349850"
},
{
"status": "affected",
"version": "21.0 ap344752"
},
{
"status": "affected",
"version": "21.0 ap347640"
},
{
"status": "affected",
"version": "21.0 ap350111"
},
{
"status": "affected",
"version": "21.0 ap355616"
},
{
"status": "affected",
"version": "21.0 ap353841"
},
{
"status": "affected",
"version": "21.0 ap346128"
},
{
"status": "affected",
"version": "21.0 ap350204"
},
{
"status": "affected",
"version": "21.0 ap341897"
},
{
"status": "affected",
"version": "21.0 ap347064"
},
{
"status": "affected",
"version": "21.0 ap350032"
},
{
"status": "affected",
"version": "21.0 ap351261"
},
{
"status": "affected",
"version": "21.0 ap352182"
},
{
"status": "affected",
"version": "21.0 ap350760"
},
{
"status": "affected",
"version": "21.0 ap363408"
},
{
"status": "affected",
"version": "21.sp1 ap340545"
},
{
"status": "affected",
"version": "21.sp1 ap341683"
},
{
"status": "affected",
"version": "21.sp1 ap341909"
},
{
"status": "affected",
"version": "21.sp1 ap342214"
},
{
"status": "affected",
"version": "21.sp1 ap344301"
},
{
"status": "affected",
"version": "21.sp1 ap344783"
},
{
"status": "affected",
"version": "21.sp1 ap346270"
},
{
"status": "affected",
"version": "21.sp1 ap346351"
},
{
"status": "affected",
"version": "21.sp1 ap347928"
},
{
"status": "affected",
"version": "21.sp1 ap349517"
},
{
"status": "affected",
"version": "21.sp1 ap349090"
},
{
"status": "affected",
"version": "21.sp1 ap351315"
},
{
"status": "affected",
"version": "21.sp1 ap352304"
},
{
"status": "affected",
"version": "21.sp1 ap351738"
},
{
"status": "affected",
"version": "21.sp1 ap354194"
},
{
"status": "affected",
"version": "21.sp1 ap357347"
},
{
"status": "affected",
"version": "21.sp1 ap364778"
},
{
"status": "affected",
"version": "21.sp1 ap372422"
},
{
"status": "affected",
"version": "21.sp1 ap371281"
},
{
"status": "affected",
"version": "21.sp1 ap370908"
},
{
"status": "affected",
"version": "21.sp1 ap379493"
},
{
"status": "affected",
"version": "21.sp1 ap380506"
},
{
"status": "affected",
"version": "21.sp9 ap360116"
},
{
"status": "affected",
"version": "21.sp9 ap367207"
},
{
"status": "affected",
"version": "RI.2021.02"
},
{
"status": "affected",
"version": "RI.2021.08"
},
{
"status": "affected",
"version": "RI.2021.09"
},
{
"status": "affected",
"version": "RI.2021.10"
},
{
"status": "affected",
"version": "RI.2021.11"
},
{
"status": "affected",
"version": "RI.2021.12"
},
{
"status": "affected",
"version": "RI.2022.02"
},
{
"status": "affected",
"version": "RI.2022.03"
},
{
"status": "affected",
"version": "RI.2022.04"
},
{
"status": "affected",
"version": "RI.2022.07"
},
{
"status": "affected",
"version": "RI.2022.06"
},
{
"status": "affected",
"version": "RI.2022.05"
},
{
"status": "affected",
"version": "RI.2022.08"
},
{
"status": "affected",
"version": "RI.2022.09"
},
{
"status": "affected",
"version": "RI.2022.10"
},
{
"status": "affected",
"version": "RI.2022.12"
},
{
"status": "affected",
"version": "RI.2023.01"
},
{
"status": "affected",
"version": "RI.2023.03"
},
{
"status": "affected",
"version": "RI.2023.02"
},
{
"status": "affected",
"version": "RI.2023.04"
},
{
"status": "affected",
"version": "RI.2023.05"
},
{
"status": "affected",
"version": "RI.2023.07"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.\r\n\r This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:28.743Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-bw-auth-bypass-kCggMWhX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX"
}
],
"source": {
"advisory": "cisco-sa-bw-auth-bypass-kCggMWhX",
"defects": [
"CSCwh02758"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20238",
"datePublished": "2023-09-06T17:08:28.178Z",
"dateReserved": "2022-10-27T18:47:50.370Z",
"dateUpdated": "2025-12-16T18:23:20.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-2024 (GCVE-0-2023-2024)
Vulnerability from cvelistv5 – Published: 2023-05-18 20:45 – Updated: 2025-02-12 16:27
VLAI
Title
Improper Authentication for OpenBlue Enterprise Manager Data Collector
Summary
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | OpenBlue Enterprise Manager Data Collector |
Affected:
0 , < 3.2.5.75
(custom)
|
Date Public
2023-05-18 20:41
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T20:09:01.151668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:27:08.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenBlue Enterprise Manager Data Collector",
"vendor": "Johnson Controls",
"versions": [
{
"lessThan": "3.2.5.75",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Rushank Shetty, Security Researcher at Northwestern Mutual"
}
],
"datePublic": "2023-05-18T20:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances."
}
],
"value": "Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-18T20:45:01.376Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update all OpenBlue Enterprise Manager Data Collector firmware to version 3.2.5.75."
}
],
"value": "Update all OpenBlue Enterprise Manager Data Collector firmware to version 3.2.5.75."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contact your Customer Success Manager to obtain the update.\u003cbr\u003e"
}
],
"value": "Contact your Customer Success Manager to obtain the update.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Authentication for OpenBlue Enterprise Manager Data Collector",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2023-2024",
"datePublished": "2023-05-18T20:45:01.376Z",
"dateReserved": "2023-04-13T15:11:18.916Z",
"dateUpdated": "2025-02-12T16:27:08.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20867 (GCVE-0-2023-20867)
Vulnerability from cvelistv5 – Published: 2023-06-13 16:47 – Updated: 2025-10-21 23:05
VLAI
Title
VMware Tools Authentication Bypass Vulnerability
Summary
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
Severity
SSVC
Exploitation: active
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
10 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | VMware Tools |
Unaffected:
12.2.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:21:33.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5493"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20867",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:00:03.914893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:46.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-23T00:00:00.000Z",
"value": "CVE-2023-20867 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Tools",
"vendor": "VMware",
"versions": [
{
"status": "unaffected",
"version": "12.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
}
],
"value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T17:06:26.274Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230725-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5493"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"
}
],
"source": {
"advisory": "VMSA-2023-0013",
"discovery": "EXTERNAL"
},
"title": "VMware Tools Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-20867",
"datePublished": "2023-06-13T16:47:21.689Z",
"dateReserved": "2022-11-01T15:41:50.390Z",
"dateUpdated": "2025-10-21T23:05:46.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21419 (GCVE-0-2023-21419)
Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2025-03-24 18:58
VLAI
Summary
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - cwe-287 improper authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
S(12) , < SMR Jan-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T18:57:54.791966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:58:18.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Jan-2023 Release 1",
"status": "affected",
"version": "S(12)",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "cwe-287 improper authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-09T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=01"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21419",
"datePublished": "2023-02-09T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-03-24T18:58:18.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21425 (GCVE-0-2023-21425)
Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2025-03-24 19:50
VLAI
Summary
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Q(10), R(11), S(12), T(13) , < SMR Jan-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T19:50:28.561135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:50:35.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Jan-2023 Release 1",
"status": "affected",
"version": "Q(10), R(11), S(12), T(13)",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-09T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=01"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21425",
"datePublished": "2023-02-09T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-03-24T19:50:35.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21437 (GCVE-0-2023-21437)
Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2025-03-24 18:55
VLAI
Summary
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
Severity
4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Q(10), R(11), S(12), T(13) , < SMR Feb-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T18:55:01.723738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:55:04.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Feb-2023 Release 1",
"status": "affected",
"version": "Q(10), R(11), S(12), T(13)",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-09T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=02"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21437",
"datePublished": "2023-02-09T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-03-24T18:55:04.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21455 (GCVE-0-2023-21455)
Vulnerability from cvelistv5 – Published: 2023-03-16 00:00 – Updated: 2025-02-26 20:32
VLAI
Summary
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Select devices using Exynos CP chipsets , < SMR Mar-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T20:22:44.739691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T20:32:07.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Mar-2023 Release 1",
"status": "affected",
"version": "Select devices using Exynos CP chipsets",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=03"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21455",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-26T20:32:07.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21460 (GCVE-0-2023-21460)
Vulnerability from cvelistv5 – Published: 2023-03-16 00:00 – Updated: 2025-02-26 20:13
VLAI
Summary
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Android 11, 12, 13 , < SMR Mar-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T20:13:17.736273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T20:13:33.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Mar-2023 Release 1",
"status": "affected",
"version": "Android 11, 12, 13",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=03"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21460",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-02-26T20:13:33.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21484 (GCVE-0-2023-21484)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-01-29 20:14
VLAI
Summary
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
Severity
5.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Affected:
Android 11, 12, 13 , < SMR May-2023 Release 1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:14:13.126593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T20:14:20.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR May-2023 Release 1",
"status": "affected",
"version": "Android 11, 12, 13",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21484",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-01-29T20:14:20.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.