github - ghsa-f78q-jqxf-66cm

ghsa-f78q-jqxf-66cm

Vulnerability from github

Published

2023-10-26 18:30

Modified

2023-11-07 21:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-42769"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-307"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-26T17:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n",
  "id": "GHSA-f78q-jqxf-66cm",
  "modified": "2023-11-07T21:30:22Z",
  "published": "2023-10-26T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42769"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
    },
    {
      "type": "WEB",
      "url": "https://www.sielco.org/en/contacts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-42769

Vulnerability from cvelistv5

Published

2023-10-26 16:15

Modified

2024-08-02 19:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Sielco Radio Link and Analog FM Transmitters Improper Access Control

References

▼	URL	Tags
	https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
	https://www.sielco.org/en/contacts

Impacted products

▼	Vendor	Product
	Sielco	Analog FM transmitter
	Sielco	Radio Link

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sielco.org/en/contacts"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Analog FM transmitter",
          "vendor": "Sielco",
          "versions": [
            {
              "status": "affected",
              "version": "2.12 (EXC5000GX)"
            },
            {
              "status": "affected",
              "version": "2.12 (EXC120GX)"
            },
            {
              "status": "affected",
              "version": "2.11 (EXC300GX)"
            },
            {
              "status": "affected",
              "version": "2.10 (EXC1600GX)"
            },
            {
              "status": "affected",
              "version": "2.10 (EXC2000GX)"
            },
            {
              "status": "affected",
              "version": "2.08 (EXC1600GX)"
            },
            {
              "status": "affected",
              "version": "2.08 (EXC1000GX)"
            },
            {
              "status": "affected",
              "version": "2.07 (EXC3000GX)"
            },
            {
              "status": "affected",
              "version": "2.06 (EXC5000GX)"
            },
            {
              "status": "affected",
              "version": "1.7.7 (EXC30GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC300GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC100GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC5000GT)"
            },
            {
              "status": "affected",
              "version": "1.6.3 (EXC1000GT)"
            },
            {
              "status": "affected",
              "version": "1.5.4 (EXC120GT)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Radio Link",
          "vendor": "Sielco ",
          "versions": [
            {
              "status": "affected",
              "version": "2.06 (RTX19)"
            },
            {
              "status": "affected",
              "version": "2.05 (RTX19)"
            },
            {
              "status": "affected",
              "version": "2.00 (EXC19)"
            },
            {
              "status": "affected",
              "version": "1.60 (RTX19)"
            },
            {
              "status": "affected",
              "version": "1.59 (RTX19)"
            },
            {
              "status": "affected",
              "version": "1.55 (EXC19)"
            }
          ]
        }
      ],
      "datePublic": "2023-10-26T16:02:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nThe cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
            }
          ],
          "value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-26T16:15:17.707Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
        },
        {
          "url": "https://www.sielco.org/en/contacts"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Sielco Radio Link and Analog FM Transmitters Improper Access Control",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-42769",
    "datePublished": "2023-10-26T16:15:17.707Z",
    "dateReserved": "2023-10-25T15:23:55.536Z",
    "dateUpdated": "2024-08-02T19:30:24.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted