CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
CVE-2022-46353 (GCVE-0-2022-46353)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-04-22 02:55
VLAI
Summary
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
Severity
9.8 (Critical)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SCALANCE X204RNA (HSR) |
Affected:
All versions < V3.2.7
|
|
| Siemens | SCALANCE X204RNA (PRP) |
Affected:
All versions < V3.2.7
|
|
| Siemens | SCALANCE X204RNA EEC (HSR) |
Affected:
All versions < V3.2.7
|
|
| Siemens | SCALANCE X204RNA EEC (PRP) |
Affected:
All versions < V3.2.7
|
|
| Siemens | SCALANCE X204RNA EEC (PRP/HSR) |
Affected:
All versions < V3.2.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T02:55:02.622830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T02:55:31.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X204RNA (HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA (PRP)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA EEC (HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA EEC (PRP)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X204RNA EEC (PRP/HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions \u003c V3.2.7), SCALANCE X204RNA (PRP) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions \u003c V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-46353",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-11-30T00:00:00.000Z",
"dateUpdated": "2025-04-22T02:55:31.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1385 (GCVE-0-2023-1385)
Vulnerability from cvelistv5 – Published: 2023-05-03 12:33 – Updated: 2025-01-30 15:00
VLAI
Summary
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.
This issue affects:
Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS 7.6.3.3.
Severity
7.1 (High)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Amazon | Fire TV Stick 3rd gen |
Affected:
6.2.9.4
|
|
| Insignia | TV with FireOS |
Affected:
7.6.3.2
|
Date Public
2023-05-02 09:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T15:00:42.744218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T15:00:50.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fire TV Stick 3rd gen",
"vendor": "Amazon",
"versions": [
{
"status": "affected",
"version": "6.2.9.4"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TV with FireOS ",
"vendor": "Insignia",
"versions": [
{
"status": "affected",
"version": "7.6.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Bitdefender IoT Research Team"
}
],
"datePublic": "2023-05-02T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cbr\u003eAmazon Fire TV Stick 3rd gen\u0026nbsp;versions prior to 6.2.9.5.\u003cbr\u003eInsignia TV with FireOS\u0026nbsp;7.6.3.3."
}
],
"value": "Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen\u00a0versions prior to 6.2.9.5.\nInsignia TV with FireOS\u00a07.6.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-03T12:33:31.872Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automatic firmware update to the following versions fixes the issue:\u003cbr\u003e\u003cbr\u003eAmazon Fire TV Stick 3rd gen version 6.2.9.5\u003cbr\u003eInsignia TV with FireOS version 7.6.3.3\u003cbr\u003e"
}
],
"value": "An automatic firmware update to the following versions fixes the issue:\n\nAmazon Fire TV Stick 3rd gen version 6.2.9.5\nInsignia TV with FireOS version 7.6.3.3\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2023-1385",
"datePublished": "2023-05-03T12:33:31.872Z",
"dateReserved": "2023-03-14T09:59:35.119Z",
"dateUpdated": "2025-01-30T15:00:50.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20185 (GCVE-0-2023-20185)
Vulnerability from cvelistv5 – Published: 2023-07-12 13:50 – Updated: 2024-08-02 09:05
VLAI
Summary
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.
This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.
Cisco has not released and will not release software updates that address this vulnerability.
Severity
7.4 (High)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco NX-OS System Software in ACI Mode |
Affected:
14.0(1h)
Affected: 14.0(2c) Affected: 14.0(3d) Affected: 14.0(3c) Affected: 14.1(1i) Affected: 14.1(1j) Affected: 14.1(1k) Affected: 14.1(1l) Affected: 14.1(2g) Affected: 14.1(2m) Affected: 14.1(2o) Affected: 14.1(2s) Affected: 14.1(2u) Affected: 14.1(2w) Affected: 14.1(2x) Affected: 14.2(1i) Affected: 14.2(1j) Affected: 14.2(1l) Affected: 14.2(2e) Affected: 14.2(2f) Affected: 14.2(2g) Affected: 14.2(3j) Affected: 14.2(3l) Affected: 14.2(3n) Affected: 14.2(3q) Affected: 14.2(4i) Affected: 14.2(4k) Affected: 14.2(4o) Affected: 14.2(4p) Affected: 14.2(5k) Affected: 14.2(5l) Affected: 14.2(5n) Affected: 14.2(6d) Affected: 14.2(6g) Affected: 14.2(6h) Affected: 14.2(6l) Affected: 14.2(7f) Affected: 14.2(7l) Affected: 14.2(6o) Affected: 14.2(7q) Affected: 14.2(7r) Affected: 14.2(7s) Affected: 14.2(7t) Affected: 14.2(7u) Affected: 14.2(7v) Affected: 14.2(7w) Affected: 15.0(1k) Affected: 15.0(1l) Affected: 15.0(2e) Affected: 15.0(2h) Affected: 15.1(1h) Affected: 15.1(2e) Affected: 15.1(3e) Affected: 15.1(4c) Affected: 15.2(1g) Affected: 15.2(2e) Affected: 15.2(2f) Affected: 15.2(2g) Affected: 15.2(2h) Affected: 15.2(3e) Affected: 15.2(3f) Affected: 15.2(3g) Affected: 15.2(4d) Affected: 15.2(4e) Affected: 15.2(5c) Affected: 15.2(5d) Affected: 15.2(5e) Affected: 15.2(4f) Affected: 15.2(6e) Affected: 15.2(6g) Affected: 15.2(7f) Affected: 15.2(7g) Affected: 15.2(8d) Affected: 15.2(8e) Affected: 15.2(8f) Affected: 15.2(8g) Affected: 15.2(8h) Affected: 16.0(1g) Affected: 16.0(1j) Affected: 16.0(2h) Affected: 16.0(2j) Affected: 16.0(3d) Affected: 16.0(3e) Affected: 15.3(1d) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-aci-cloudsec-enc-Vs5Wn2sX",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco NX-OS System Software in ACI Mode",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14.0(1h)"
},
{
"status": "affected",
"version": "14.0(2c)"
},
{
"status": "affected",
"version": "14.0(3d)"
},
{
"status": "affected",
"version": "14.0(3c)"
},
{
"status": "affected",
"version": "14.1(1i)"
},
{
"status": "affected",
"version": "14.1(1j)"
},
{
"status": "affected",
"version": "14.1(1k)"
},
{
"status": "affected",
"version": "14.1(1l)"
},
{
"status": "affected",
"version": "14.1(2g)"
},
{
"status": "affected",
"version": "14.1(2m)"
},
{
"status": "affected",
"version": "14.1(2o)"
},
{
"status": "affected",
"version": "14.1(2s)"
},
{
"status": "affected",
"version": "14.1(2u)"
},
{
"status": "affected",
"version": "14.1(2w)"
},
{
"status": "affected",
"version": "14.1(2x)"
},
{
"status": "affected",
"version": "14.2(1i)"
},
{
"status": "affected",
"version": "14.2(1j)"
},
{
"status": "affected",
"version": "14.2(1l)"
},
{
"status": "affected",
"version": "14.2(2e)"
},
{
"status": "affected",
"version": "14.2(2f)"
},
{
"status": "affected",
"version": "14.2(2g)"
},
{
"status": "affected",
"version": "14.2(3j)"
},
{
"status": "affected",
"version": "14.2(3l)"
},
{
"status": "affected",
"version": "14.2(3n)"
},
{
"status": "affected",
"version": "14.2(3q)"
},
{
"status": "affected",
"version": "14.2(4i)"
},
{
"status": "affected",
"version": "14.2(4k)"
},
{
"status": "affected",
"version": "14.2(4o)"
},
{
"status": "affected",
"version": "14.2(4p)"
},
{
"status": "affected",
"version": "14.2(5k)"
},
{
"status": "affected",
"version": "14.2(5l)"
},
{
"status": "affected",
"version": "14.2(5n)"
},
{
"status": "affected",
"version": "14.2(6d)"
},
{
"status": "affected",
"version": "14.2(6g)"
},
{
"status": "affected",
"version": "14.2(6h)"
},
{
"status": "affected",
"version": "14.2(6l)"
},
{
"status": "affected",
"version": "14.2(7f)"
},
{
"status": "affected",
"version": "14.2(7l)"
},
{
"status": "affected",
"version": "14.2(6o)"
},
{
"status": "affected",
"version": "14.2(7q)"
},
{
"status": "affected",
"version": "14.2(7r)"
},
{
"status": "affected",
"version": "14.2(7s)"
},
{
"status": "affected",
"version": "14.2(7t)"
},
{
"status": "affected",
"version": "14.2(7u)"
},
{
"status": "affected",
"version": "14.2(7v)"
},
{
"status": "affected",
"version": "14.2(7w)"
},
{
"status": "affected",
"version": "15.0(1k)"
},
{
"status": "affected",
"version": "15.0(1l)"
},
{
"status": "affected",
"version": "15.0(2e)"
},
{
"status": "affected",
"version": "15.0(2h)"
},
{
"status": "affected",
"version": "15.1(1h)"
},
{
"status": "affected",
"version": "15.1(2e)"
},
{
"status": "affected",
"version": "15.1(3e)"
},
{
"status": "affected",
"version": "15.1(4c)"
},
{
"status": "affected",
"version": "15.2(1g)"
},
{
"status": "affected",
"version": "15.2(2e)"
},
{
"status": "affected",
"version": "15.2(2f)"
},
{
"status": "affected",
"version": "15.2(2g)"
},
{
"status": "affected",
"version": "15.2(2h)"
},
{
"status": "affected",
"version": "15.2(3e)"
},
{
"status": "affected",
"version": "15.2(3f)"
},
{
"status": "affected",
"version": "15.2(3g)"
},
{
"status": "affected",
"version": "15.2(4d)"
},
{
"status": "affected",
"version": "15.2(4e)"
},
{
"status": "affected",
"version": "15.2(5c)"
},
{
"status": "affected",
"version": "15.2(5d)"
},
{
"status": "affected",
"version": "15.2(5e)"
},
{
"status": "affected",
"version": "15.2(4f)"
},
{
"status": "affected",
"version": "15.2(6e)"
},
{
"status": "affected",
"version": "15.2(6g)"
},
{
"status": "affected",
"version": "15.2(7f)"
},
{
"status": "affected",
"version": "15.2(7g)"
},
{
"status": "affected",
"version": "15.2(8d)"
},
{
"status": "affected",
"version": "15.2(8e)"
},
{
"status": "affected",
"version": "15.2(8f)"
},
{
"status": "affected",
"version": "15.2(8g)"
},
{
"status": "affected",
"version": "15.2(8h)"
},
{
"status": "affected",
"version": "16.0(1g)"
},
{
"status": "affected",
"version": "16.0(1j)"
},
{
"status": "affected",
"version": "16.0(2h)"
},
{
"status": "affected",
"version": "16.0(2j)"
},
{
"status": "affected",
"version": "16.0(3d)"
},
{
"status": "affected",
"version": "16.0(3e)"
},
{
"status": "affected",
"version": "15.3(1d)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.\r\n\r This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.\r\n\r Cisco has not released and will not release software updates that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:51.916Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-aci-cloudsec-enc-Vs5Wn2sX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX"
}
],
"source": {
"advisory": "cisco-sa-aci-cloudsec-enc-Vs5Wn2sX",
"defects": [
"CSCwf02544"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20185",
"datePublished": "2023-07-12T13:50:35.866Z",
"dateReserved": "2022-10-27T18:47:50.364Z",
"dateUpdated": "2024-08-02T09:05:36.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22601 (GCVE-0-2023-22601)
Vulnerability from cvelistv5 – Published: 2023-01-12 22:34 – Updated: 2025-01-16 22:02
VLAI
Summary
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform.
Severity
10 (Critical)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | government-resource |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| InHand Networks | InRouter 302 |
Affected:
0 , < IR302 V3.5.56
(custom)
|
|
| InHand Networks | InRouter 615 |
Affected:
0 , < InRouter6XX-S-V2.3.0.r5542
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:28.619800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:02:14.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "InRouter 302",
"vendor": "InHand Networks",
"versions": [
{
"lessThan": "IR302 V3.5.56",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "InRouter 615",
"vendor": "InHand Networks",
"versions": [
{
"lessThan": "InRouter6XX-S-V2.3.0.r5542",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Roni Gavrilov"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "OTORIO"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values.\u0026nbsp;They\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edo not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform. \u003c/span\u003e\n\n \u003c/span\u003e\n\n \u003c/span\u003e\n\n \u003c/span\u003e\n\n \n\n \u003c/span\u003e\n\n"
}
],
"value": "\nInHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values.\u00a0They\u00a0do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform. \n\n \n\n \n\n \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T22:34:14.532Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-22601",
"datePublished": "2023-01-12T22:34:14.532Z",
"dateReserved": "2023-01-03T19:55:20.124Z",
"dateUpdated": "2025-01-16T22:02:14.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22746 (GCVE-0-2023-22746)
Vulnerability from cvelistv5 – Published: 2023-02-03 21:07 – Updated: 2025-03-10 21:16
VLAI
Title
CKAN is vulnerable to session secret shared across instances using Docker images
Summary
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images)
keitaroinc/docker-ckan (keitaro/ckan images).
Severity
8.6 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/ckan/ckan/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/ckan/ckan/commit/44af0f0a148fc… | x_refsource_MISC |
| https://github.com/ckan/ckan/commit/4c22c135fa486… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x"
},
{
"name": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b"
},
{
"name": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:04.838038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:16:37.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ckan",
"vendor": "ckan",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.9.0, \u003c 2.9.7"
},
{
"status": "affected",
"version": "\u003c 2.8.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn\u0027t set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images)\nkeitaroinc/docker-ckan (keitaro/ckan images).\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-344",
"description": "CWE-344: Use of Invariant Value in Dynamically Changing Context",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-03T21:07:11.551Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ckan/ckan/security/advisories/GHSA-pr8j-v4c8-h62x"
},
{
"name": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ckan/ckan/commit/44af0f0a148fcc0e0fbcf02fe69b7db13459a84b"
},
{
"name": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ckan/ckan/commit/4c22c135fa486afa13855d1cdb9765eaf418d2aa"
}
],
"source": {
"advisory": "GHSA-pr8j-v4c8-h62x",
"discovery": "UNKNOWN"
},
"title": "CKAN is vulnerable to session secret shared across instances using Docker images"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22746",
"datePublished": "2023-02-03T21:07:11.551Z",
"dateReserved": "2023-01-06T14:21:05.894Z",
"dateUpdated": "2025-03-10T21:16:37.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2418 (GCVE-0-2023-2418)
Vulnerability from cvelistv5 – Published: 2023-04-29 00:31 – Updated: 2024-08-02 06:19
VLAI
Title
Konga Login API random values
Summary
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715.
Severity
CWE
- CWE-330 - Insufficiently Random Values
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.227715 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.227715 | signaturepermissions-required |
| https://www.cnblogs.com/andao/p/17330864.html | broken-linkexploit |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:15.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.227715"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.227715"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://www.cnblogs.com/andao/p/17330864.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Login API"
],
"product": "Konga",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.8.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "the_whovian (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Konga 2.8.3 f\u00fcr Kong ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Login API. Durch Manipulation mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme werden Anpassungen an der Konfiguration empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T07:22:36.018Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.227715"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.227715"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://www.cnblogs.com/andao/p/17330864.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-04-28T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-04-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-05-24T08:37:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Konga Login API random values"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2418",
"datePublished": "2023-04-29T00:31:04.842Z",
"dateReserved": "2023-04-28T16:52:40.949Z",
"dateUpdated": "2024-08-02T06:19:15.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24478 (GCVE-0-2023-24478)
Vulnerability from cvelistv5 – Published: 2023-08-15 12:42 – Updated: 2024-10-01 18:24
VLAI
Summary
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.
Severity
5.5 (Medium)
CWE
- information disclosure
- CWE-330 - Use of insufficiently random values
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux |
Affected:
before version 22.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T18:23:08.233847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T18:24:41.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 22.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-330",
"description": "Use of insufficiently random values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T12:42:18.308Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-24478",
"datePublished": "2023-08-15T12:42:18.308Z",
"dateReserved": "2023-03-01T18:23:25.229Z",
"dateUpdated": "2024-10-01T18:24:41.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26451 (GCVE-0-2023-26451)
Vulnerability from cvelistv5 – Published: 2023-08-02 12:23 – Updated: 2024-08-02 11:53
VLAI
Summary
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.
Severity
7.5 (High)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
4 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OX Software GmbH | OX App Suite |
Affected:
0 , ≤ 8.11
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:52.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"backend"
],
"product": "OX App Suite",
"vendor": "OX Software GmbH",
"versions": [
{
"lessThanOrEqual": "8.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFunctions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.\u003c/p\u003e"
}
],
"value": "Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T07:08:44.957Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Aug/8"
},
{
"url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html"
}
],
"source": {
"defect": [
"MWB-2102"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2023-26451",
"datePublished": "2023-08-02T12:23:47.407Z",
"dateReserved": "2023-02-22T20:42:56.092Z",
"dateUpdated": "2024-08-02T11:53:52.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2884 (GCVE-0-2023-2884)
Vulnerability from cvelistv5 – Published: 2023-05-25 08:26 – Updated: 2026-05-22 10:50
VLAI
Title
Insecure Randomness in CBOT's Chatbot
Summary
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.
This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
Severity
9.8 (Critical)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-23-0293 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
Date Public
2023-05-25 08:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:02.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T20:59:46.870052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T20:59:51.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Chatbot",
"vendor": "CBOT",
"versions": [
{
"lessThan": "Core: v4.0.3.4 Panel: v4.0.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Koray Seyfullah DANISMA"
}
],
"datePublic": "2023-05-25T08:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.\u003cp\u003eThis issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\u003c/p\u003e"
}
],
"value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.\n\nThis issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-485",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-485 Signature Spoofing by Key Recreation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T10:50:01.793Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-23-0293"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0293"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the\u0026nbsp;Core to \u0026gt;= v4.0.3.4 and the Panel to \u0026gt;= v4.0.3.7 ."
}
],
"value": "Update the\u00a0Core to \u003e= v4.0.3.4 and the Panel to \u003e= v4.0.3.7 ."
}
],
"source": {
"advisory": "TR-23-0293",
"defect": [
"TR-23-0293"
],
"discovery": "USER"
},
"title": "Insecure Randomness in CBOT\u0027s Chatbot",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2023-2884",
"datePublished": "2023-05-25T08:26:39.535Z",
"dateReserved": "2023-05-25T08:03:27.613Z",
"dateUpdated": "2026-05-22T10:50:01.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29332 (GCVE-0-2023-29332)
Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:17
VLAI
Title
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Summary
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Severity
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Kubernetes Service |
Affected:
1.0 , < VHD 202308
(custom)
|
Date Public
2023-09-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:20.635220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:54:08.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Kubernetes Service",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "VHD 202308",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
"versionEndExcluding": "VHD 202308",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-09-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:17:39.232Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332"
}
],
"title": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29332",
"datePublished": "2023-09-12T16:58:34.444Z",
"dateReserved": "2023-04-04T22:34:18.379Z",
"dateUpdated": "2025-10-30T18:17:39.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Phase: Implementation
Description:
- Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation ID: MIT-2
Phases: Architecture and Design, Requirements
Strategy: Libraries or Frameworks
Description:
- Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.