CVE-2023-5457 (GCVE-0-2023-5457)
Vulnerability from cvelistv5 – Published: 2024-03-05 11:15 – Updated: 2024-08-23 20:20
VLAI?
Summary
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
Severity ?
7.5 (High)
CWE
- CWE-1269 - Product Released in Non-Release Configuration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| AiLux | imx6 bundle |
Affected:
0 , < 1.0.7-2
(semver)
|
Credits
Andrea Palanca of Nozomi Networks found this bug during a security research activity.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "imx6_bundle",
"vendor": "ailux",
"versions": [
{
"lessThan": "1.0.7-2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T20:20:08.350336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T20:20:12.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "imx6 bundle",
"vendor": "AiLux",
"versions": [
{
"lessThan": "1.0.7-2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1269",
"description": "CWE-1269 Product Released in Non-Release Configuration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T11:15:01.811Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2023-5457",
"datePublished": "2024-03-05T11:15:01.811Z",
"dateReserved": "2023-10-09T08:27:02.527Z",
"dateUpdated": "2024-08-23T20:20:12.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-1269 \\u201cProduct Released in Non-Release Configuration\\u201d vulnerability in the Django web framework used by the web application (due to the \\u201cdebug\\u201d configuration parameter set to \\u201cTrue\\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad CWE-1269 de \\\"Producto lanzado en configuraci\\u00f3n sin lanzamiento\\\" en el framework web Django utilizado por la aplicaci\\u00f3n web (debido al par\\u00e1metro de configuraci\\u00f3n \\\"depuraci\\u00f3n\\\" establecido en \\\"Verdadero\\\") permite que un atacante remoto no autenticado acceda a informaci\\u00f3n cr\\u00edtica y tenga otros impactos no especificados a la confidencialidad, integridad y disponibilidad de la aplicaci\\u00f3n. Este problema afecta: Paquete AiLux imx6 inferior a la versi\\u00f3n imx6_1.0.7-2.\"}]",
"id": "CVE-2023-5457",
"lastModified": "2024-11-21T08:41:48.313",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"prodsec@nozominetworks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-03-05T12:15:47.793",
"references": "[{\"url\": \"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457\", \"source\": \"prodsec@nozominetworks.com\"}, {\"url\": \"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "prodsec@nozominetworks.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"prodsec@nozominetworks.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1269\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5457\",\"sourceIdentifier\":\"prodsec@nozominetworks.com\",\"published\":\"2024-03-05T12:15:47.793\",\"lastModified\":\"2025-04-09T20:34:52.100\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad CWE-1269 de \\\"Producto lanzado en configuraci\u00f3n sin lanzamiento\\\" en el framework web Django utilizado por la aplicaci\u00f3n web (debido al par\u00e1metro de configuraci\u00f3n \\\"depuraci\u00f3n\\\" establecido en \\\"Verdadero\\\") permite que un atacante remoto no autenticado acceda a informaci\u00f3n cr\u00edtica y tenga otros impactos no especificados a la confidencialidad, integridad y disponibilidad de la aplicaci\u00f3n. Este problema afecta: Paquete AiLux imx6 inferior a la versi\u00f3n imx6_1.0.7-2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@nozominetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"prodsec@nozominetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ailux:imx6:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.7-2\",\"matchCriteriaId\":\"0AC8BA0D-1588-4072-8BEA-464B1E76AF80\"}]}]}],\"references\":[{\"url\":\"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457\",\"source\":\"prodsec@nozominetworks.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:59:44.696Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5457\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-23T20:20:08.350336Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:*\"], \"vendor\": \"ailux\", \"product\": \"imx6_bundle\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.0.7-2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-23T20:20:00.854Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Andrea Palanca of Nozomi Networks found this bug during a security research activity.\"}], \"impacts\": [{\"capecId\": \"CAPEC-1\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AiLux\", \"product\": \"imx6 bundle\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.0.7-2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A CWE-1269 \\u201cProduct Released in Non-Release Configuration\\u201d vulnerability in the Django web framework used by the web application (due to the \\u201cdebug\\u201d configuration parameter set to \\u201cTrue\\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A CWE-1269 \\u201cProduct Released in Non-Release Configuration\\u201d vulnerability in the Django web framework used by the web application (due to the \\u201cdebug\\u201d configuration parameter set to \\u201cTrue\\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1269\", \"description\": \"CWE-1269 Product Released in Non-Release Configuration\"}]}], \"providerMetadata\": {\"orgId\": \"bec8025f-a851-46e5-b3a3-058e6b0aa23c\", \"shortName\": \"Nozomi\", \"dateUpdated\": \"2024-03-05T11:15:01.811Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-5457\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-23T20:20:12.620Z\", \"dateReserved\": \"2023-10-09T08:27:02.527Z\", \"assignerOrgId\": \"bec8025f-a851-46e5-b3a3-058e6b0aa23c\", \"datePublished\": \"2024-03-05T11:15:01.811Z\", \"assignerShortName\": \"Nozomi\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…