CWE-288
AllowedAuthentication Bypass Using an Alternate Path or Channel
Abstraction: Base · Status: Incomplete
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
1072 vulnerabilities reference this CWE, most recent first.
CVE-2024-2055 (GCVE-0-2024-2055)
Vulnerability from cvelistv5 – Published: 2024-03-05 18:56 – Updated: 2025-02-13 17:32| URL | Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001… | third-party-advisory |
| http://seclists.org/fulldisclosure/2024/Mar/13 |
| Vendor | Product | Version | |
|---|---|---|---|
| Artica Tech | Artica Proxy |
Affected:
4.50
Affected: 4.40 |
|
| articatech | artica_proxy |
Affected:
4.50
Affected: 4.40 cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/13"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "artica_proxy",
"vendor": "articatech",
"versions": [
{
"status": "affected",
"version": "4.50"
},
{
"status": "affected",
"version": "4.40"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2055",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T15:57:01.965216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:57:07.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Artica Proxy",
"vendor": "Artica Tech",
"versions": [
{
"status": "affected",
"version": "4.50"
},
{
"status": "affected",
"version": "4.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jim Becher of KoreLogic, Inc."
}
],
"datePublic": "2024-03-05T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The \"Rich Filemanager\" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user."
}
],
"value": "The \"Rich Filemanager\" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T19:00:12.694Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/13"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Artica Proxy Unauthenticated File Manager Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2024-2055",
"datePublished": "2024-03-05T18:56:33.232Z",
"dateReserved": "2024-03-01T02:03:10.598Z",
"dateUpdated": "2025-02-13T17:32:34.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2013 (GCVE-0-2024-2013)
Vulnerability from cvelistv5 – Published: 2024-06-11 13:14 – Updated: 2024-08-01 18:56- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN |
Affected:
FOXMAN-UN R16B PC2
(custom)
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom) Affected: FOXMAN-UN R15B PC4 (custom) Unaffected: FOXMAN-UN R15B PC5 (custom) Affected: FOXMAN-UN R16A Affected: FOXMAN-UN R15A |
|
| Hitachi Energy | UNEM |
Affected:
UNEM R16B PC2
(custom)
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom) Affected: UNEM R15B PC4 (custom) Affected: UNEM R15B PC5 (custom) Affected: UNEM R16B Affected: UNEM R15A |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T18:16:13.737199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:16:25.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOXMAN-UN",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "FOXMAN-UN R16B PC2",
"versionType": "custom"
},
{
"lessThanOrEqual": "FOXMAN-UN R16B PC4",
"status": "unaffected",
"version": "FOXMAN-UN R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R15B PC4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R15B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R16A"
},
{
"status": "affected",
"version": "FOXMAN-UN R15A"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNEM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "UNEM R16B PC2",
"versionType": "custom"
},
{
"lessThanOrEqual": "UNEM R16B PC4",
"status": "unaffected",
"version": "UNEM R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15B PC4",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R16B"
},
{
"status": "affected",
"version": "UNEM R15A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
}
],
"value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:57:13.510Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2013",
"datePublished": "2024-06-11T13:14:40.501Z",
"dateReserved": "2024-02-29T13:42:08.147Z",
"dateUpdated": "2024-08-01T18:56:22.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2012 (GCVE-0-2024-2012)
Vulnerability from cvelistv5 – Published: 2024-06-11 13:16 – Updated: 2024-08-01 18:56- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi Energy | FOXMAN-UN |
Affected:
FOXMAN-UN R16B PC2
(custom)
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom) Affected: FOXMAN-UN R15B PC4 (custom) Unaffected: FOXMAN-UN R15B PC5 (custom) Affected: FOXMAN-UN R16A (custom) Affected: FOXMAN-UN R15A (custom) |
|
| Hitachi Energy | UNEM |
Affected:
UNEM R16B PC2
(custom)
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom) Affected: UNEM R15B PC4 (custom) Affected: UNEM R15B PC5 (custom) Affected: UNEM R15A (custom) Affected: UNEM R16A (custom) |
|
| hitachienergy | foxman_un |
Affected:
pc2
cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:* |
|
| hitachienergy | foxman_un |
Unaffected:
pc3
cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:* |
|
| hitachienergy | foxman_un |
Affected:
pc4
cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:* |
|
| hitachienergy | foxman_un |
Unaffected:
pc5
cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:* |
|
| hitachienergy | foxman_un |
Affected:
r16a
cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:* |
|
| hitachienergy | foxman_un |
Affected:
r15a
cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:* |
|
| hitachienergy | unem |
Affected:
pc2
cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:* |
|
| hitachienergy | unem |
Unaffected:
pc3
cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:* |
|
| hitachienergy | unem |
Affected:
pc4
cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:* |
|
| hitachienergy | unem |
Affected:
pc5
cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:* |
|
| hitachienergy | unem |
Affected:
r15a
cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:* |
|
| hitachienergy | unem |
Affected:
r16a
cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "foxman_un",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "pc2"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "foxman_un",
"vendor": "hitachienergy",
"versions": [
{
"status": "unaffected",
"version": "pc3"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "foxman_un",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "pc4"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "foxman_un",
"vendor": "hitachienergy",
"versions": [
{
"status": "unaffected",
"version": "pc5"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "foxman_un",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "r16a"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "foxman_un",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "r15a"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unem",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "pc2"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unem",
"vendor": "hitachienergy",
"versions": [
{
"status": "unaffected",
"version": "pc3"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unem",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "pc4"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unem",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "pc5"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unem",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "r15a"
}
]
},
{
"cpes": [
"cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unem",
"vendor": "hitachienergy",
"versions": [
{
"status": "affected",
"version": "r16a"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:24:47.544271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T16:07:08.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FOXMAN-UN",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "FOXMAN-UN R16B PC2",
"versionType": "custom"
},
{
"lessThanOrEqual": "FOXMAN-UN R16B PC4",
"status": "unaffected",
"version": "FOXMAN-UN R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R15B PC4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "FOXMAN-UN R15B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R16A",
"versionType": "custom"
},
{
"status": "affected",
"version": "FOXMAN-UN R15A",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UNEM",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "UNEM R16B PC2",
"versionType": "custom"
},
{
"lessThanOrEqual": "UNEM R16B PC4",
"status": "unaffected",
"version": "UNEM R16B PC3",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15B PC4",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15B PC5",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R15A",
"versionType": "custom"
},
{
"status": "affected",
"version": "UNEM R16A",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
}
],
"value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:58:20.884Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-2012",
"datePublished": "2024-06-11T13:16:29.566Z",
"dateReserved": "2024-02-29T13:42:06.985Z",
"dateUpdated": "2024-08-01T18:56:22.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1709 (GCVE-0-2024-1709)
Vulnerability from cvelistv5 – Published: 2024-02-21 15:36 – Updated: 2025-10-21 23:05- CWE-288 - Authentication bypass using an alternate path or channel
| Vendor | Product | Version | |
|---|---|---|---|
| ConnectWise | ScreenConnect |
Affected:
0 , ≤ 23.9.7
(custom)
|
|
| connectwise | screenconnect |
Affected:
0 , ≤ 23.9.7
(custom)
cpe:2.3:a:connectwise:screenconnect:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:connectwise:screenconnect:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "screenconnect",
"vendor": "connectwise",
"versions": [
{
"lessThanOrEqual": "23.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1709",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-24T05:00:21.568850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-02-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:24.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-22T00:00:00.000Z",
"value": "CVE-2024-1709 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/18870"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/"
},
{
"tags": [
"x_transferred"
],
"url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ScreenConnect",
"vendor": "ConnectWise",
"versions": [
{
"changes": [
{
"at": "23.9.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "23.9.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecritical systems.\u003c/span\u003e"
}
],
"value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\ncritical systems."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication bypass using an alternate path or channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T18:25:45.687Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8"
},
{
"url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8"
},
{
"url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2"
},
{
"url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/"
},
{
"url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc"
},
{
"url": "https://github.com/rapid7/metasploit-framework/pull/18870"
},
{
"url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/"
},
{
"url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/"
},
{
"url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/"
},
{
"url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication bypass using an alternate path or channel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-1709",
"datePublished": "2024-02-21T15:36:03.960Z",
"dateReserved": "2024-02-21T15:05:07.113Z",
"dateUpdated": "2025-10-21T23:05:24.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1646 (GCVE-0-2024-1646)
Vulnerability from cvelistv5 – Published: 2024-04-16 00:00 – Updated: 2024-08-01 18:48- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| parisneo | parisneo/lollms-webui |
Affected:
unspecified , < 9.3
(custom)
|
|
| parisneo | lollms-webui |
Affected:
*
cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lollms-webui",
"vendor": "parisneo",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T19:18:33.557762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:59:30.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:20.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not \u00270.0.0.0\u0027 to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as \u0027/restart_program\u0027, \u0027/update_software\u0027, \u0027/check_update\u0027, \u0027/start_recording\u0027, and \u0027/stop_recording\u0027. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:34.706Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
},
{
"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
}
],
"source": {
"advisory": "2f769c46-aa85-4ab8-8b08-fe791313b7ba",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-1646",
"datePublished": "2024-04-16T00:00:14.201Z",
"dateReserved": "2024-02-19T21:27:04.120Z",
"dateUpdated": "2024-08-01T18:48:20.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1525 (GCVE-0-2024-1525)
Vulnerability from cvelistv5 – Published: 2024-02-21 23:30 – Updated: 2026-06-02 04:14- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/438144 | issue-tracking |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:29:18.467492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:54.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #438144",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "16.1",
"versionType": "semver"
},
{
"lessThan": "16.8.3",
"status": "affected",
"version": "16.8",
"versionType": "semver"
},
{
"lessThan": "16.9.1",
"status": "affected",
"version": "16.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T04:14:44.730Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #438144",
"tags": [
"issue-tracking"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.7.6, 16.8.3, 16.9.1 or above."
}
],
"title": "Authentication Bypass Using an Alternate Path or Channel in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-1525",
"datePublished": "2024-02-21T23:30:44.816Z",
"dateReserved": "2024-02-15T07:03:33.019Z",
"dateUpdated": "2026-06-02T04:14:44.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-46747 (GCVE-0-2023-46747)
Vulnerability from cvelistv5 – Published: 2023-10-26 20:04 – Updated: 2025-10-21 23:05- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137353"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46747",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T22:07:47.164316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-31",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:33.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-31T00:00:00.000Z",
"value": "CVE-2023-46747 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"changes": [
{
"at": "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG.iso",
"status": "unaffected"
},
{
"at": "Hotfix-BIGIP-17.1.1.0.2.6-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "17.1.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "16.1.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2023-10-26T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cdiv\u003eUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated\u003c/span\u003e\u003c/div\u003e\u003c/span\u003e"
}
],
"value": "Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T01:59:49.829Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137353"
},
{
"url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"
},
{
"url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BIG-IP Configuration utility unauthenticated remote code execution vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2023-46747",
"datePublished": "2023-10-26T20:04:53.929Z",
"dateReserved": "2023-10-25T18:51:34.198Z",
"dateUpdated": "2025-10-21T23:05:33.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43045 (GCVE-0-2023-43045)
Vulnerability from cvelistv5 – Published: 2023-10-23 17:37 – Updated: 2024-09-11 14:15- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7057409 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Sterling Partner Engagement Manager |
Affected:
6.1.2, 6.2.0, 6.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7057409"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266896"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T14:15:24.994854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T14:15:35.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling Partner Engagement Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.2, 6.2.0, 6.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896."
}
],
"value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T17:37:04.158Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7057409"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266896"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling Partner Engagement Manager security bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-43045",
"datePublished": "2023-10-23T17:37:04.158Z",
"dateReserved": "2023-09-15T01:12:28.343Z",
"dateUpdated": "2024-09-11T14:15:35.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42770 (GCVE-0-2023-42770)
Vulnerability from cvelistv5 – Published: 2023-11-21 00:14 – Updated: 2025-06-11 14:03- CWE-288 - Authentication Bypass Using An Alternative Path Or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Red Lion Controls | ST-IPm-8460 |
Affected:
6.0.202
|
|
| Red Lion Controls | ST-IPm-6350 |
Affected:
4.9.114
|
|
| Red Lion Controls | VT-mIPm-135-D |
Affected:
4.9.114
|
|
| Red Lion Controls | VT-mIPm-245-D |
Affected:
4.9.114
|
|
| Red Lion Controls | VT-IPm2m-213-D |
Affected:
4.9.114
|
|
| Red Lion Controls | VT-IPm2m-113-D |
Affected:
4.9.114
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-09T05:05:23.134802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:03:28.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ST-IPm-8460",
"vendor": "Red Lion Controls",
"versions": [
{
"status": "affected",
"version": "6.0.202"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ST-IPm-6350",
"vendor": "Red Lion Controls",
"versions": [
{
"status": "affected",
"version": "4.9.114"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VT-mIPm-135-D",
"vendor": "Red Lion Controls",
"versions": [
{
"status": "affected",
"version": "4.9.114"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VT-mIPm-245-D",
"vendor": "Red Lion Controls",
"versions": [
{
"status": "affected",
"version": "4.9.114"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VT-IPm2m-213-D",
"vendor": "Red Lion Controls",
"versions": [
{
"status": "affected",
"version": "4.9.114"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VT-IPm2m-113-D",
"vendor": "Red Lion Controls",
"versions": [
{
"status": "affected",
"version": "4.9.114"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nitsan Litov of Claroty Research - Team82 reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-11-16T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRed Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.\u003c/span\u003e\n\n"
}
],
"value": "\nRed Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using An Alternative Path Or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T00:14:18.734Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
},
{
"url": "https://https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eRed Lion recommends users apply the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05\"\u003elatest patches\u003c/a\u003e\u0026nbsp;to their products.\u003c/p\u003e\u003cp\u003eRed Lion recommends users apply additional mitigations to help reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable user authentication, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion instructions\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\u003c/p\u003e\u003cp\u003eTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo Block all Sixnet UDR messages over TCP/IP:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable iptables rules to block TCP/IP traffic.\u003c/li\u003e\u003cli\u003eIn the Sixnet I/O Tool Kit go to Configuration\u0026gt;Configuration Station/Module\u0026gt;\"Ports\" tab\u0026gt;Security.\u003c/li\u003e\u003cli\u003eSelect the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRemove these rules from the default rc.firewall file:\u003c/p\u003e\u003cul\u003e\u003cli\u003eiptables -P INPUT DROP (Drops everything coming in)\u003c/li\u003e\u003cli\u003eiptables -P FORWARD DROP (Drops everything in FORWARD chain)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\u003c/p\u003e\u003cul\u003e\u003cli\u003einsmodip_tables (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_filter (Initialization)\u003c/li\u003e\u003cli\u003einsmodip_conntrack (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_nat (Initialization)\u003c/li\u003e\u003cli\u003eiptables -F INPUT (Flushes INPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F OUTPUT (Flushes OUTPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F FORWARD (Flushes FORWARD chain)\u003c/li\u003e\u003cli\u003eiptables -Z (Zero counters)\u003c/li\u003e\u003cli\u003eiptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\u003c/li\u003e\u003cli\u003eiptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor installation instructions see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion\u0027s support page\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor more information, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution\"\u003eRed Lion\u2019s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nRed Lion recommends users apply the latest patches https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05 \u00a0to their products.\n\nRed Lion recommends users apply additional mitigations to help reduce the risk:\n\n * Enable user authentication, see Red Lion instructions https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\n\nBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\n\nTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\n\n\nTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\n\n * ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\n * ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\n\n\nTo Block all Sixnet UDR messages over TCP/IP:\n\n * Enable iptables rules to block TCP/IP traffic.\n * In the Sixnet I/O Tool Kit go to Configuration\u003eConfiguration Station/Module\u003e\"Ports\" tab\u003eSecurity.\n * Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\n\n\nRemove these rules from the default rc.firewall file:\n\n * iptables -P INPUT DROP (Drops everything coming in)\n * iptables -P FORWARD DROP (Drops everything in FORWARD chain)\n\n\nAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\n\n * insmodip_tables (Initialization)\n * insmodiptable_filter (Initialization)\n * insmodip_conntrack (Initialization)\n * insmodiptable_nat (Initialization)\n * iptables -F INPUT (Flushes INPUT chain)\n * iptables -F OUTPUT (Flushes OUTPUT chain)\n * iptables -F FORWARD (Flushes FORWARD chain)\n * iptables -Z (Zero counters)\n * iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\n * iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\n\n\nFor installation instructions see Red Lion\u0027s support page https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\nFor more information, please refer to Red Lion\u2019s security bulletin https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution .\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-320-01",
"discovery": "EXTERNAL"
},
"title": "Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-42770",
"datePublished": "2023-11-21T00:14:18.734Z",
"dateReserved": "2023-09-18T22:41:48.077Z",
"dateUpdated": "2025-06-11T14:03:28.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41351 (GCVE-0-2023-41351)
Vulnerability from cvelistv5 – Published: 2023-11-03 05:41 – Updated: 2024-09-04 20:10- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
| Vendor | Product | Version | |
|---|---|---|---|
| Chunghwa Telecom | NOKIA G-040W-Q |
Affected:
G040WQR201207
|
|
| nokia | g-040w-q_firmware |
Affected:
G040WQR201207
cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:01:34.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "g-040w-q_firmware",
"vendor": "nokia",
"versions": [
{
"status": "affected",
"version": "G040WQR201207"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T20:06:40.510233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:10:05.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NOKIA G-040W-Q",
"vendor": "Chunghwa Telecom",
"versions": [
{
"status": "affected",
"version": "G040WQR201207"
}
]
}
],
"datePublic": "2023-11-03T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."
}
],
"value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."
}
],
"impacts": [
{
"capecId": "CAPEC-665",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-665 Exploitation of Thunderbolt Protection Flaws"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T05:41:26.852Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate version to G040WQR231013.\n\n\u003cbr\u003e"
}
],
"value": "\nUpdate version to G040WQR231013.\n\n\n"
}
],
"source": {
"advisory": "TVN-202311007",
"discovery": "EXTERNAL"
},
"title": "Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2023-41351",
"datePublished": "2023-11-03T05:41:26.852Z",
"dateReserved": "2023-08-29T00:11:47.812Z",
"dateUpdated": "2024-09-04T20:10:05.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.
CAPEC-127: Directory Indexing
An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.