FKIE_CVE-2023-41920

Vulnerability from fkie_nvd - Published: 2024-07-02 08:15 - Updated: 2024-11-21 08:21
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.
References
cert@ncsc.nlhttps://advisories.ncsc.nl/advisory?id=NCSC-2024-0273
af854a3a-2127-422b-91ae-364da2661108https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad permite a los atacantes acceder a la cuenta ra\u00edz sin tener que autenticarse. Espec\u00edficamente, si el dispositivo est\u00e1 configurado con la direcci\u00f3n IP 10.10.10.10, el usuario root inicia sesi\u00f3n autom\u00e1ticamente."
    }
  ],
  "id": "CVE-2023-41920",
  "lastModified": "2024-11-21T08:21:55.490",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cert@ncsc.nl",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-02T08:15:03.950",
  "references": [
    {
      "source": "cert@ncsc.nl",
      "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
    }
  ],
  "sourceIdentifier": "cert@ncsc.nl",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-305"
        }
      ],
      "source": "cert@ncsc.nl",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.