Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2023-31189 (GCVE-0-2023-31189)
Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2024-08-14 19:22
VLAI
Summary
Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- escalation of privilege
- CWE-287 - Improper authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Server Product OpenBMC firmware |
Affected:
before version egs-1.09
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:21:57.416460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:22:35.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Product OpenBMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version egs-1.09"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09 may allow an authenticated user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-287",
"description": "Improper authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T13:37:52.110Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-31189",
"datePublished": "2024-02-14T13:37:52.110Z",
"dateReserved": "2023-06-09T03:00:03.580Z",
"dateUpdated": "2024-08-14T19:22:35.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3127 (GCVE-0-2023-3127)
Vulnerability from cvelistv5 – Published: 2023-07-11 21:06 – Updated: 2024-10-22 20:31
VLAI
Title
Improper Authentication in iSTAR
Summary
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. | iSTAR Ultra |
Affected:
>6.8.6 , < 6.9.2 CU01
(custom)
|
|
| Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. | iSTAR Ultra LT |
Affected:
>6.8.6 , < 6.9.2 CU01
(custom)
|
|
| Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. | iSTAR Ultra G2 |
Affected:
0 , < 6.9.2 CU01
(custom)
|
|
| Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. | iSTAR Edge G2 |
Affected:
0 , < 6.9.2 CU01
(custom)
|
Date Public
2023-07-11 21:03
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T20:30:47.341803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T20:31:09.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iSTAR Ultra",
"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
"versions": [
{
"lessThan": "6.9.2 CU01",
"status": "affected",
"version": "\u003e6.8.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iSTAR Ultra LT",
"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
"versions": [
{
"lessThan": "6.9.2 CU01",
"status": "affected",
"version": "\u003e6.8.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iSTAR Ultra G2",
"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
"versions": [
{
"lessThan": "6.9.2 CU01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "iSTAR Edge G2",
"vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
"versions": [
{
"lessThan": "6.9.2 CU01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-07-11T21:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights."
}
],
"value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T21:06:29.003Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Upgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Authentication in iSTAR",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2023-3127",
"datePublished": "2023-07-11T21:06:29.003Z",
"dateReserved": "2023-06-06T14:51:53.713Z",
"dateUpdated": "2024-10-22T20:31:09.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31279 (GCVE-0-2023-31279)
Vulnerability from cvelistv5 – Published: 2024-12-20 23:35 – Updated: 2024-12-24 00:40
VLAI
Title
Improper Authentication
Summary
The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered
devices on the AirVantage platform when the owner has not disabled the AirVantage Management
Service on the devices or registered the device. This could enable an attacker to configure, manage,
and execute AT commands on an unsuspecting user’s devices.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sierra Wireless | AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices. |
Affected:
Devices not registered in AirVantage with the AirVantage Management Service enabled.
(Custom)
|
Date Public
2023-05-12 22:28
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T00:31:19.780950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T00:40:07.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices.",
"vendor": "Sierra Wireless",
"versions": [
{
"status": "affected",
"version": "Devices not registered in AirVantage with the AirVantage Management Service enabled.",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-05-12T22:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered \ndevices on the AirVantage platform when the owner has not disabled the AirVantage Management \nService on the devices or registered the device. This could enable an attacker to configure, manage, \nand execute AT commands on an unsuspecting user\u2019s devices."
}
],
"value": "The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered \ndevices on the AirVantage platform when the owner has not disabled the AirVantage Management \nService on the devices or registered the device. This could enable an attacker to configure, manage, \nand execute AT commands on an unsuspecting user\u2019s devices."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Configure, manage, and execute AT commands on an unsuspecting user\u2019s devices."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:35:29.797Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-31279",
"datePublished": "2024-12-20T23:35:29.797Z",
"dateReserved": "2023-04-26T19:52:55.324Z",
"dateUpdated": "2024-12-24T00:40:07.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32081 (GCVE-0-2023-32081)
Vulnerability from cvelistv5 – Published: 2023-05-12 13:49 – Updated: 2025-01-23 20:55
VLAI
Title
Vert.x STOMP server process client frames that would not send initially a connect frame
Summary
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/vert-x3/vertx-stomp/security/a… | x_refsource_CONFIRM |
| https://github.com/vert-x3/vertx-stomp/commit/0de… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| vert-x3 | vertx-stomp |
Affected:
>= 3.1.0, < 3.9.16
Affected: >= 4.0.0, < 4.4.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/vert-x3/vertx-stomp/security/advisories/GHSA-gvrq-cg5r-7chp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vert-x3/vertx-stomp/security/advisories/GHSA-gvrq-cg5r-7chp"
},
{
"name": "https://github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T20:55:08.715333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T20:55:31.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vertx-stomp",
"vendor": "vert-x3",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.1.0, \u003c 3.9.16"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-12T13:49:56.969Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vert-x3/vertx-stomp/security/advisories/GHSA-gvrq-cg5r-7chp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vert-x3/vertx-stomp/security/advisories/GHSA-gvrq-cg5r-7chp"
},
{
"name": "https://github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vert-x3/vertx-stomp/commit/0de4bc5a44ddb57e74d92c445f16456fa03f265b"
}
],
"source": {
"advisory": "GHSA-gvrq-cg5r-7chp",
"discovery": "UNKNOWN"
},
"title": "Vert.x STOMP server process client frames that would not send initially a connect frame"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32081",
"datePublished": "2023-05-12T13:49:56.969Z",
"dateReserved": "2023-05-01T16:47:35.316Z",
"dateUpdated": "2025-01-23T20:55:31.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32202 (GCVE-0-2023-32202)
Vulnerability from cvelistv5 – Published: 2023-08-23 21:18 – Updated: 2024-09-30 19:13
VLAI
Title
Walchem Intuition Improper Authentication
Summary
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Walchem | Intuition 9 |
Affected:
0 , < 4.21
(custom)
|
Date Public
2023-08-17 18:53
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T19:09:06.529219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T19:13:33.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intuition 9",
"vendor": "Walchem",
"versions": [
{
"lessThan": "4.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Noam Moshe of Claroty Research - Team82"
}
],
"datePublic": "2023-08-17T18:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWalchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T21:18:39.418Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWalchem recommends upgrading all Intuition 9 firmware versions to v4.21 or later. The upgrade can be downloaded from the Walchem \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.walchem.com/\"\u003ewebsite\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Walchem recommends upgrading all Intuition 9 firmware versions to v4.21 or later. The upgrade can be downloaded from the Walchem website https://www.walchem.com/ .\n"
}
],
"source": {
"advisory": "icsa-23-229-04",
"discovery": "EXTERNAL"
},
"title": "Walchem Intuition Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-32202",
"datePublished": "2023-08-23T21:18:39.418Z",
"dateReserved": "2023-07-18T21:44:31.737Z",
"dateUpdated": "2024-09-30T19:13:33.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32243 (GCVE-0-2023-32243)
Vulnerability from cvelistv5 – Published: 2023-05-12 07:23 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation
Summary
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/ess… | vdb-entry |
| https://patchstack.com/articles/critical-privileg… | technical-description |
| http://packetstormsecurity.com/files/172457/WordP… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WPDeveloper | Essential Addons for Elementor |
Affected:
5.4.0 , ≤ 5.7.1
(custom)
|
Date Public
2023-05-11 07:22
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cve"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T21:47:06.436893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T22:08:06.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "essential-addons-for-elementor-lite",
"product": "Essential Addons for Elementor",
"vendor": "WPDeveloper",
"versions": [
{
"changes": [
{
"at": "5.7.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.7.1",
"status": "affected",
"version": "5.4.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"datePublic": "2023-05-11T07:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.\u00a0\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\u003c/span\u003e"
}
],
"value": "Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.\u00a0This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:22.366Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/essential-addons-for-elementor-lite/wordpress-essential-addons-for-elementor-plugin-5-4-0-5-7-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
},
{
"tags": [
"technical-description"
],
"url": "https://patchstack.com/articles/critical-privilege-escalation-in-essential-addons-for-elementor-plugin-affecting-1-million-sites?_s_id=cve"
},
{
"url": "http://packetstormsecurity.com/files/172457/WordPress-Elementor-Lite-5.7.1-Arbitrary-Password-Reset.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a05.7.2 or a higher version."
}
],
"value": "Update to\u00a05.7.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Essential Addons for Elementor Plugin 5.4.0-5.7.1 is vulnerable to Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-32243",
"datePublished": "2023-05-12T07:23:22.657Z",
"dateReserved": "2023-05-05T08:13:46.345Z",
"dateUpdated": "2026-04-28T16:08:22.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-32347 (GCVE-0-2023-32347)
Vulnerability from cvelistv5 – Published: 2023-05-22 14:58 – Updated: 2025-01-16 21:35
VLAI
Summary
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Teltonika | Remote Management System |
Affected:
0 , < 4.10.0
(custom)
|
Date Public
2023-05-11 18:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:21:12.366009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:35:00.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Management System",
"vendor": "Teltonika",
"versions": [
{
"lessThan": "4.10.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Roni Gavrilov"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "OTORIO"
}
],
"datePublic": "2023-05-11T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTeltonika\u2019s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.\u003c/span\u003e\n\n"
}
],
"value": "\nTeltonika\u2019s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T14:59:40.857Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-32347",
"datePublished": "2023-05-22T14:58:44.339Z",
"dateReserved": "2023-05-08T22:09:33.449Z",
"dateUpdated": "2025-01-16T21:35:00.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32453 (GCVE-0-2023-32453)
Vulnerability from cvelistv5 – Published: 2023-08-16 19:22 – Updated: 2024-10-02 16:01
VLAI
Summary
Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00021521… | vendor-advisory |
Date Public
2023-08-08 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:18:37.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:56:32.291385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T16:01:10.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPG BIOS",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2023-08-08T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.\u003c/span\u003e\n\n"
}
],
"value": "\nDell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T19:22:33.168Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2023-32453",
"datePublished": "2023-08-16T19:22:33.168Z",
"dateReserved": "2023-05-09T06:02:34.291Z",
"dateUpdated": "2024-10-02T16:01:10.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32661 (GCVE-0-2023-32661)
Vulnerability from cvelistv5 – Published: 2023-11-14 19:04 – Updated: 2024-08-30 17:09
VLAI
Summary
Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- escalation of privilege
- CWE-287 - Improper authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software |
Affected:
before version 10.0.19041.29098
|
|
| intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software | intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software |
Affected:
0 , < 10.0.19041.29098
(custom)
cpe:2.3:a:intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software:intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software:intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software",
"vendor": "intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software",
"versions": [
{
"lessThan": "10.0.19041.29098",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:05:45.663655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:09:14.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 10.0.19041.29098"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-287",
"description": "Improper authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:43.625Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32661",
"datePublished": "2023-11-14T19:04:43.625Z",
"dateReserved": "2023-06-02T03:00:03.953Z",
"dateUpdated": "2024-08-30T17:09:14.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32682 (GCVE-0-2023-32682)
Vulnerability from cvelistv5 – Published: 2023-06-06 18:20 – Updated: 2025-02-13 16:54
VLAI
Title
Improper checks for deactivated users during login in synapse
Summary
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/matrix-org/synapse/security/ad… | x_refsource_CONFIRM |
| https://github.com/matrix-org/synapse/pull/15624 | x_refsource_MISC |
| https://github.com/matrix-org/synapse/pull/15634 | x_refsource_MISC |
| https://matrix-org.github.io/synapse/latest/admin… | x_refsource_MISC |
| https://matrix-org.github.io/synapse/latest/jwt.html | x_refsource_MISC |
| https://matrix-org.github.io/synapse/latest/usage… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| matrix-org | synapse |
Affected:
< 1.85.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p"
},
{
"name": "https://github.com/matrix-org/synapse/pull/15624",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/synapse/pull/15624"
},
{
"name": "https://github.com/matrix-org/synapse/pull/15634",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matrix-org/synapse/pull/15634"
},
{
"name": "https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account"
},
{
"name": "https://matrix-org.github.io/synapse/latest/jwt.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://matrix-org.github.io/synapse/latest/jwt.html"
},
{
"name": "https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32682",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T16:28:39.349896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T16:28:59.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "synapse",
"vendor": "matrix-org",
"versions": [
{
"status": "affected",
"version": "\u003c 1.85.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user\u0027s password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user\u0027s password after they\u0027ve been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-17T02:06:13.922Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p"
},
{
"name": "https://github.com/matrix-org/synapse/pull/15624",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/synapse/pull/15624"
},
{
"name": "https://github.com/matrix-org/synapse/pull/15634",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/synapse/pull/15634"
},
{
"name": "https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account",
"tags": [
"x_refsource_MISC"
],
"url": "https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account"
},
{
"name": "https://matrix-org.github.io/synapse/latest/jwt.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://matrix-org.github.io/synapse/latest/jwt.html"
},
{
"name": "https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config",
"tags": [
"x_refsource_MISC"
],
"url": "https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/"
}
],
"source": {
"advisory": "GHSA-26c5-ppr8-f33p",
"discovery": "UNKNOWN"
},
"title": "Improper checks for deactivated users during login in synapse"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32682",
"datePublished": "2023-06-06T18:20:14.377Z",
"dateReserved": "2023-05-11T16:33:45.731Z",
"dateUpdated": "2025-02-13T16:54:57.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.