CVE-2023-6263 (GCVE-0-2023-6263)

Vulnerability from cvelistv5 – Published: 2023-11-22 17:56 – Updated: 2024-08-02 08:28
VLAI?
Summary
An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.
Severity ?
8.3 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
NX
References
Impacted products
Vendor Product Version
Network Optix NxCloud Affected: 0 , < 23.1.0.40440 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:28:20.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "traffic_relay",
            "cloud_db"
          ],
          "product": "NxCloud",
          "vendor": "Network Optix",
          "versions": [
            {
              "lessThan": "23.1.0.40440",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIt was possible to add a fake VMS server to NxCloud by using the exact\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eidentification of a legitimate VMS server. As result, it was possible to\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eretrieve authorization headers from legitimate users when the\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elegitimate client connects to the fake VMS server.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440.\u00a0It was possible to add a fake VMS server to NxCloud by using the exact\u00a0identification of a legitimate VMS server. As result, it was possible to\u00a0retrieve authorization headers from legitimate users when the\u00a0legitimate client connects to the fake VMS server.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-18T14:31:16.795Z",
        "orgId": "96d4e157-0bf0-48b3-8efd-382c68caf4e0",
        "shortName": "NX"
      },
      "references": [
        {
          "url": "https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Server Spoofing Vulnerability in NxCloud",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96d4e157-0bf0-48b3-8efd-382c68caf4e0",
    "assignerShortName": "NX",
    "cveId": "CVE-2023-6263",
    "datePublished": "2023-11-22T17:56:56.711Z",
    "dateReserved": "2023-11-22T17:55:39.783Z",
    "dateUpdated": "2024-08-02T08:28:20.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:networkoptix:nxcloud:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"23.1.0.40440\", \"matchCriteriaId\": \"690A44F2-1ED6-4490-9E4E-17C6FFACD3AE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440.\\u00a0It was possible to add a fake VMS server to NxCloud by using the exact\\u00a0identification of a legitimate VMS server. As result, it was possible to\\u00a0retrieve authorization headers from legitimate users when the\\u00a0legitimate client connects to the fake VMS server.\\n\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en Network Optix NxCloud antes de 23.1.0.40440. Fue posible agregar un servidor VMS falso a NxCloud utilizando la identificaci\\u00f3n exacta de un servidor VMS leg\\u00edtimo. Como resultado, fue posible recuperar encabezados de autorizaci\\u00f3n de usuarios leg\\u00edtimos cuando el cliente leg\\u00edtimo se conecta al servidor VMS falso.\"}]",
      "id": "CVE-2023-6263",
      "lastModified": "2024-11-21T08:43:29.180",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"96d4e157-0bf0-48b3-8efd-382c68caf4e0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}]}",
      "published": "2023-11-22T18:15:09.780",
      "references": "[{\"url\": \"https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing\", \"source\": \"96d4e157-0bf0-48b3-8efd-382c68caf4e0\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "96d4e157-0bf0-48b3-8efd-382c68caf4e0",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"96d4e157-0bf0-48b3-8efd-382c68caf4e0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-6263\",\"sourceIdentifier\":\"96d4e157-0bf0-48b3-8efd-382c68caf4e0\",\"published\":\"2023-11-22T18:15:09.780\",\"lastModified\":\"2024-11-21T08:43:29.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440.\u00a0It was possible to add a fake VMS server to NxCloud by using the exact\u00a0identification of a legitimate VMS server. As result, it was possible to\u00a0retrieve authorization headers from legitimate users when the\u00a0legitimate client connects to the fake VMS server.\\n\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Network Optix NxCloud antes de 23.1.0.40440. Fue posible agregar un servidor VMS falso a NxCloud utilizando la identificaci\u00f3n exacta de un servidor VMS leg\u00edtimo. Como resultado, fue posible recuperar encabezados de autorizaci\u00f3n de usuarios leg\u00edtimos cuando el cliente leg\u00edtimo se conecta al servidor VMS falso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"96d4e157-0bf0-48b3-8efd-382c68caf4e0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"96d4e157-0bf0-48b3-8efd-382c68caf4e0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:networkoptix:nxcloud:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1.0.40440\",\"matchCriteriaId\":\"690A44F2-1ED6-4490-9E4E-17C6FFACD3AE\"}]}]}],\"references\":[{\"url\":\"https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing\",\"source\":\"96d4e157-0bf0-48b3-8efd-382c68caf4e0\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.