Common Weakness Enumeration

CWE-288

Allowed

Authentication Bypass Using an Alternate Path or Channel

Abstraction: Base · Status: Incomplete

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

1072 vulnerabilities reference this CWE, most recent first.

CVE-2024-2055 (GCVE-0-2024-2055)

Vulnerability from cvelistv5 – Published: 2024-03-05 18:56 – Updated: 2025-02-13 17:32
VLAI
Title
Artica Proxy Unauthenticated File Manager Vulnerability
Summary
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
AHA
Impacted products
Vendor Product Version
Artica Tech Artica Proxy Affected: 4.50
Affected: 4.40
Create a notification for this product.
articatech artica_proxy Affected: 4.50
Affected: 4.40
    cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-03-05 18:00
Credits
Jim Becher of KoreLogic, Inc.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:03:38.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/13"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "artica_proxy",
            "vendor": "articatech",
            "versions": [
              {
                "status": "affected",
                "version": "4.50"
              },
              {
                "status": "affected",
                "version": "4.40"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-2055",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T15:57:01.965216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T15:57:07.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Artica Proxy",
          "vendor": "Artica Tech",
          "versions": [
            {
              "status": "affected",
              "version": "4.50"
            },
            {
              "status": "affected",
              "version": "4.40"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jim Becher of KoreLogic, Inc."
        }
      ],
      "datePublic": "2024-03-05T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The \"Rich Filemanager\" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user."
            }
          ],
          "value": "The \"Rich Filemanager\" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-05T19:00:12.694Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Mar/13"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Artica Proxy Unauthenticated File Manager Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2024-2055",
    "datePublished": "2024-03-05T18:56:33.232Z",
    "dateReserved": "2024-03-01T02:03:10.598Z",
    "dateUpdated": "2025-02-13T17:32:34.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2013 (GCVE-0-2024-2013)

Vulnerability from cvelistv5 – Published: 2024-06-11 13:14 – Updated: 2024-08-01 18:56
VLAI
Summary
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
Affected: FOXMAN-UN R15B PC4 (custom)
Unaffected: FOXMAN-UN R15B PC5 (custom)
Affected: FOXMAN-UN R16A
Affected: FOXMAN-UN R15A
Create a notification for this product.
Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
Affected: UNEM R15B PC4 (custom)
Affected: UNEM R15B PC5 (custom)
Affected: UNEM R16B
Affected: UNEM R15A
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T18:16:13.737199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T18:16:25.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.747Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOXMAN-UN",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "FOXMAN-UN R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "FOXMAN-UN R16B PC4",
              "status": "unaffected",
              "version": "FOXMAN-UN R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOXMAN-UN R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R16A"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15A"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNEM",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "UNEM R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "UNEM R16B PC4",
              "status": "unaffected",
              "version": "UNEM R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R16B"
            },
            {
              "status": "affected",
              "version": "UNEM R15A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
            }
          ],
          "value": "An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /\nAPI Gateway component that if exploited allows attackers without \nany access to interact with the services and the post-authentication \nattack surface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T13:57:13.510Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-2013",
    "datePublished": "2024-06-11T13:14:40.501Z",
    "dateReserved": "2024-02-29T13:42:08.147Z",
    "dateUpdated": "2024-08-01T18:56:22.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2012 (GCVE-0-2024-2012)

Vulnerability from cvelistv5 – Published: 2024-06-11 13:16 – Updated: 2024-08-01 18:56
VLAI
Summary
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Hitachi Energy FOXMAN-UN Affected: FOXMAN-UN R16B PC2 (custom)
Unaffected: FOXMAN-UN R16B PC3 , ≤ FOXMAN-UN R16B PC4 (custom)
Affected: FOXMAN-UN R15B PC4 (custom)
Unaffected: FOXMAN-UN R15B PC5 (custom)
Affected: FOXMAN-UN R16A (custom)
Affected: FOXMAN-UN R15A (custom)
Create a notification for this product.
Hitachi Energy UNEM Affected: UNEM R16B PC2 (custom)
Unaffected: UNEM R16B PC3 , ≤ UNEM R16B PC4 (custom)
Affected: UNEM R15B PC4 (custom)
Affected: UNEM R15B PC5 (custom)
Affected: UNEM R15A (custom)
Affected: UNEM R16A (custom)
Create a notification for this product.
hitachienergy foxman_un Affected: pc2
    cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy foxman_un Unaffected: pc3
    cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy foxman_un Affected: pc4
    cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy foxman_un Unaffected: pc5
    cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy foxman_un Affected: r16a
    cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy foxman_un Affected: r15a
    cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy unem Affected: pc2
    cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy unem Unaffected: pc3
    cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy unem Affected: pc4
    cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy unem Affected: pc5
    cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy unem Affected: r15a
    cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*
Create a notification for this product.
hitachienergy unem Affected: r16a
    cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "unaffected",
                "version": "pc3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "unaffected",
                "version": "pc5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r16a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r16a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:foxman_un:r15a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "foxman_un",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r15a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "unaffected",
                "version": "pc3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "pc5"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r15a"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unem",
            "vendor": "hitachienergy",
            "versions": [
              {
                "status": "affected",
                "version": "r16a"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T15:24:47.544271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T16:07:08.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:56:22.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FOXMAN-UN",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "FOXMAN-UN R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "FOXMAN-UN R16B PC4",
              "status": "unaffected",
              "version": "FOXMAN-UN R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "FOXMAN-UN R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R16A",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "FOXMAN-UN R15A",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UNEM",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "UNEM R16B PC2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "UNEM R16B PC4",
              "status": "unaffected",
              "version": "UNEM R16B PC3",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC4",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15B PC5",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R15A",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "UNEM R16A",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
            }
          ],
          "value": "vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or \ncode to be executed on the UNEM server allowing sensitive data to \nbe read or modified or could cause other unintended behavior"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-11T13:58:20.884Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000201\u0026languageCode=en\u0026Preview=true"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2024-2012",
    "datePublished": "2024-06-11T13:16:29.566Z",
    "dateReserved": "2024-02-29T13:42:06.985Z",
    "dateUpdated": "2024-08-01T18:56:22.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1709 (GCVE-0-2024-1709)

Vulnerability from cvelistv5 – Published: 2024-02-21 15:36 – Updated: 2025-10-21 23:05
VLAI
Title
Authentication bypass using an alternate path or channel
Summary
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication bypass using an alternate path or channel
Assigner
Impacted products
Vendor Product Version
ConnectWise ScreenConnect Affected: 0 , ≤ 23.9.7 (custom)
Create a notification for this product.
connectwise screenconnect Affected: 0 , ≤ 23.9.7 (custom)
    cpe:2.3:a:connectwise:screenconnect:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:connectwise:screenconnect:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "screenconnect",
            "vendor": "connectwise",
            "versions": [
              {
                "lessThanOrEqual": "23.9.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1709",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-24T05:00:21.568850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-02-22",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:24.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1709"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-02-22T00:00:00.000Z",
            "value": "CVE-2024-1709 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:21.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/18870"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ScreenConnect",
          "vendor": "ConnectWise",
          "versions": [
            {
              "changes": [
                {
                  "at": "23.9.8",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "23.9.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecritical systems.\u003c/span\u003e"
            }
          ],
          "value": "ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\ncritical systems."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication bypass using an alternate path or channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T18:25:45.687Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8"
        },
        {
          "url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8"
        },
        {
          "url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/"
        },
        {
          "url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc"
        },
        {
          "url": "https://github.com/rapid7/metasploit-framework/pull/18870"
        },
        {
          "url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/"
        },
        {
          "url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/"
        },
        {
          "url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/"
        },
        {
          "url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication bypass using an alternate path or channel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2024-1709",
    "datePublished": "2024-02-21T15:36:03.960Z",
    "dateReserved": "2024-02-21T15:05:07.113Z",
    "dateUpdated": "2025-10-21T23:05:24.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1646 (GCVE-0-2024-1646)

Vulnerability from cvelistv5 – Published: 2024-04-16 00:00 – Updated: 2024-08-01 18:48
VLAI
Title
Authentication Bypass in parisneo/lollms-webui
Summary
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
parisneo parisneo/lollms-webui Affected: unspecified , < 9.3 (custom)
Create a notification for this product.
parisneo lollms-webui Affected: *
    cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lollms-webui",
            "vendor": "parisneo",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1646",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T19:18:33.557762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:59:30.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:20.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parisneo/lollms-webui",
          "vendor": "parisneo",
          "versions": [
            {
              "lessThan": "9.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not \u00270.0.0.0\u0027 to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as \u0027/restart_program\u0027, \u0027/update_software\u0027, \u0027/check_update\u0027, \u0027/start_recording\u0027, and \u0027/stop_recording\u0027. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-16T11:10:34.706Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
        },
        {
          "url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
        }
      ],
      "source": {
        "advisory": "2f769c46-aa85-4ab8-8b08-fe791313b7ba",
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass in parisneo/lollms-webui"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-1646",
    "datePublished": "2024-04-16T00:00:14.201Z",
    "dateReserved": "2024-02-19T21:27:04.120Z",
    "dateUpdated": "2024-08-01T18:48:20.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1525 (GCVE-0-2024-1525)

Vulnerability from cvelistv5 – Published: 2024-02-21 23:30 – Updated: 2026-06-02 04:14
VLAI
Title
Authentication Bypass Using an Alternate Path or Channel in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
Impacted products
Vendor Product Version
GitLab GitLab Affected: 16.1 , < 16.7.6 (semver)
Affected: 16.8 , < 16.8.3 (semver)
Affected: 16.9 , < 16.9.1 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1525",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T16:29:18.467492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:54.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GitLab Issue #438144",
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "16.7.6",
              "status": "affected",
              "version": "16.1",
              "versionType": "semver"
            },
            {
              "lessThan": "16.8.3",
              "status": "affected",
              "version": "16.8",
              "versionType": "semver"
            },
            {
              "lessThan": "16.9.1",
              "status": "affected",
              "version": "16.9",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability was discovered internally by a GitLab team member, [Drew Blessing](https://gitlab.com/dblessing)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T04:14:44.730Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #438144",
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 16.7.6, 16.8.3, 16.9.1 or above."
        }
      ],
      "title": "Authentication Bypass Using an Alternate Path or Channel in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2024-1525",
    "datePublished": "2024-02-21T23:30:44.816Z",
    "dateReserved": "2024-02-15T07:03:33.019Z",
    "dateUpdated": "2026-06-02T04:14:44.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-46747 (GCVE-0-2023-46747)

Vulnerability from cvelistv5 – Published: 2023-10-26 20:04 – Updated: 2025-10-21 23:05
VLAI
Title
BIG-IP Configuration utility unauthenticated remote code execution vulnerability
Summary
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
f5
Impacted products
Vendor Product Version
F5 BIG-IP Affected: 17.1.0 , < * (semver)
Affected: 16.1.0 , < * (semver)
Affected: 15.1.0 , < * (semver)
Affected: 14.1.0 , < * (semver)
Affected: 13.1.0 , < * (semver)
Create a notification for this product.
Date Public
2023-10-26 17:00
Credits
F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:53:21.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000137353"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46747",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T22:07:47.164316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-31",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:33.431Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46747"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-31T00:00:00.000Z",
            "value": "CVE-2023-46747 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "All Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG.iso",
                  "status": "unaffected"
                },
                {
                  "at": "Hotfix-BIGIP-17.1.1.0.2.6-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "14.1.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG.iso",
                  "status": "unaffected"
                }
              ],
              "lessThan": "*",
              "status": "affected",
              "version": "13.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
        }
      ],
      "datePublic": "2023-10-26T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cdiv\u003eUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated\u003c/span\u003e\u003c/div\u003e\u003c/span\u003e"
            }
          ],
          "value": "Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-16T01:59:49.829Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000137353"
        },
        {
          "url": "http://packetstormsecurity.com/files/175673/F5-BIG-IP-TMUI-AJP-Smuggling-Remote-Command-Execution.html"
        },
        {
          "url": "https://www.secpod.com/blog/f5-issues-warning-big-ip-vulnerability-used-in-active-exploit-chain/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "BIG-IP Configuration utility unauthenticated remote code execution vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2023-46747",
    "datePublished": "2023-10-26T20:04:53.929Z",
    "dateReserved": "2023-10-25T18:51:34.198Z",
    "dateUpdated": "2025-10-21T23:05:33.431Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-43045 (GCVE-0-2023-43045)

Vulnerability from cvelistv5 – Published: 2023-10-23 17:37 – Updated: 2024-09-11 14:15
VLAI
Title
IBM Sterling Partner Engagement Manager security bypass
Summary
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
ibm
Impacted products
Vendor Product Version
IBM Sterling Partner Engagement Manager Affected: 6.1.2, 6.2.0, 6.2.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:37:23.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7057409"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266896"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43045",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T14:15:24.994854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T14:15:35.899Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Sterling Partner Engagement Manager",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.1.2, 6.2.0, 6.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication.  IBM X-Force ID:  266896."
            }
          ],
          "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication.  IBM X-Force ID:  266896."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-23T17:37:04.158Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7057409"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266896"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Sterling Partner Engagement Manager security bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-43045",
    "datePublished": "2023-10-23T17:37:04.158Z",
    "dateReserved": "2023-09-15T01:12:28.343Z",
    "dateUpdated": "2024-09-11T14:15:35.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42770 (GCVE-0-2023-42770)

Vulnerability from cvelistv5 – Published: 2023-11-21 00:14 – Updated: 2025-06-11 14:03
VLAI
Title
Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel
Summary
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using An Alternative Path Or Channel
Assigner
Date Public
2023-11-16 18:00
Credits
Nitsan Litov of Claroty Research - Team82 reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-09T05:05:23.134802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T14:03:28.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ST-IPm-8460",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.202"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ST-IPm-6350",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.114"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VT-mIPm-135-D",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.114"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VT-mIPm-245-D",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.114"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VT-IPm2m-213-D",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.114"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VT-IPm2m-113-D",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "4.9.114"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nitsan Litov of Claroty Research - Team82 reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2023-11-16T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRed Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nRed Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using An Alternative Path Or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-21T00:14:18.734Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01"
        },
        {
          "url": "https://https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eRed Lion recommends users apply the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05\"\u003elatest patches\u003c/a\u003e\u0026nbsp;to their products.\u003c/p\u003e\u003cp\u003eRed Lion recommends users apply additional mitigations to help reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable user authentication, see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion instructions\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\u003c/p\u003e\u003cp\u003eTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\u003c/p\u003e\u003cul\u003e\u003cli\u003eST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\u003c/li\u003e\u003cli\u003eST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo Block all Sixnet UDR messages over TCP/IP:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnable iptables rules to block TCP/IP traffic.\u003c/li\u003e\u003cli\u003eIn the Sixnet I/O Tool Kit go to Configuration\u0026gt;Configuration Station/Module\u0026gt;\"Ports\" tab\u0026gt;Security.\u003c/li\u003e\u003cli\u003eSelect the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eRemove these rules from the default rc.firewall file:\u003c/p\u003e\u003cul\u003e\u003cli\u003eiptables -P INPUT DROP (Drops everything coming in)\u003c/li\u003e\u003cli\u003eiptables -P FORWARD DROP (Drops everything in FORWARD chain)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\u003c/p\u003e\u003cul\u003e\u003cli\u003einsmodip_tables (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_filter (Initialization)\u003c/li\u003e\u003cli\u003einsmodip_conntrack (Initialization)\u003c/li\u003e\u003cli\u003einsmodiptable_nat (Initialization)\u003c/li\u003e\u003cli\u003eiptables -F INPUT (Flushes INPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F OUTPUT (Flushes OUTPUT chain)\u003c/li\u003e\u003cli\u003eiptables -F FORWARD (Flushes FORWARD chain)\u003c/li\u003e\u003cli\u003eiptables -Z (Zero counters)\u003c/li\u003e\u003cli\u003eiptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\u003c/li\u003e\u003cli\u003eiptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor installation instructions see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU\"\u003eRed Lion\u0027s support page\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eFor more information, please refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution\"\u003eRed Lion\u2019s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nRed Lion recommends users apply the  latest patches https://support.redlion.net/hc/en-us/articles/19338927539981-SixTRAK-and-VersaTRAK-Security-Patch-RLCSIM-2023-05 \u00a0to their products.\n\nRed Lion recommends users apply additional mitigations to help reduce the risk:\n\n  *  Enable user authentication, see  Red Lion instructions https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\n\nBlocking all or most Sixnet UDR messages over TCP/IP will eliminate authentication bypass. Sixnet UDR messages over TCP/IP will be ignored.\n\nTo block all Sixnet UDR messages over TCP/IP install Patch1_tcp_udr_all_blocked.tar.gz.\n\n  *  ST-IPm-8460 \u2013 Install 8313_patch1_tcp_udr_all_blocked.tar.gz\n  *  ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch1_tcp_udr_all_blocked.tar.gz\n\n\nTo block all Sixnet UDR messages except I/O commands over TCP/IP and UDP/IP install Patch2_io_open.tar.gz.\n\n  *  ST-IPm-8460 \u2013 Install 8313_patch2_io_open.tar.gz\n  *  ST-IPm-6350/VT-mIPm-245-D/VT-mIPm-135-D/VT-IPm2m-213-D/VT-IPm2m-113-D \u2013 Install 855_patch2_io_open.tar.gz\n\n\nTo Block all Sixnet UDR messages over TCP/IP:\n\n  *  Enable iptables rules to block TCP/IP traffic.\n  *  In the Sixnet I/O Tool Kit go to Configuration\u003eConfiguration Station/Module\u003e\"Ports\" tab\u003eSecurity.\n  *  Select the \"Load the this file with each station load\" radio button to load a custom rc.firewall configuration file. The rules below will allow all other traffic except Sixnet UDR over TCP/IP. Please Note: Two rules that are added in by default were removed because they will block all traffic going into the interface.\n\n\nRemove these rules from the default rc.firewall file:\n\n  *  iptables -P INPUT DROP (Drops everything coming in)\n  *  iptables -P FORWARD DROP (Drops everything in FORWARD chain)\n\n\nAdd one DROP rule which will drop all TCP/IP packet coming on UDR port 1594 by typing the following commands:\n\n  *  insmodip_tables (Initialization)\n  *  insmodiptable_filter (Initialization)\n  *  insmodip_conntrack (Initialization)\n  *  insmodiptable_nat (Initialization)\n  *  iptables -F INPUT (Flushes INPUT chain)\n  *  iptables -F OUTPUT (Flushes OUTPUT chain)\n  *  iptables -F FORWARD (Flushes FORWARD chain)\n  *  iptables -Z (Zero counters)\n  *  iptables -P OUTPUT ACCEPT (Drops everything coming in, everything in FORWARD chain, and accepts everything going out)\n  *  iptables -A INPUT -p tcp --dport 1594 -j DROP (Allows local traffic and blocks all TCP traffic coming from 1594)\n\n\nFor installation instructions see  Red Lion\u0027s support page https://support.redlion.net/hc/en-us/articles/18190385510797-ACCESS-RTU-and-IO-How-to-install-a-patch-or-package-to-the-RTU .\n\nFor more information, please refer to  Red Lion\u2019s security bulletin https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution .\n\n\n\n\n"
        }
      ],
      "source": {
        "advisory": "ICSA-23-320-01",
        "discovery": "EXTERNAL"
      },
      "title": "Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-42770",
    "datePublished": "2023-11-21T00:14:18.734Z",
    "dateReserved": "2023-09-18T22:41:48.077Z",
    "dateUpdated": "2025-06-11T14:03:28.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41351 (GCVE-0-2023-41351)

Vulnerability from cvelistv5 – Published: 2023-11-03 05:41 – Updated: 2024-09-04 20:10
VLAI
Title
Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control
Summary
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
Impacted products
Vendor Product Version
Chunghwa Telecom NOKIA G-040W-Q Affected: G040WQR201207
Create a notification for this product.
nokia g-040w-q_firmware Affected: G040WQR201207
    cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-11-03 06:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:01:34.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "g-040w-q_firmware",
            "vendor": "nokia",
            "versions": [
              {
                "status": "affected",
                "version": "G040WQR201207"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:06:40.510233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:10:05.622Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NOKIA G-040W-Q",
          "vendor": "Chunghwa Telecom",
          "versions": [
            {
              "status": "affected",
              "version": "G040WQR201207"
            }
          ]
        }
      ],
      "datePublic": "2023-11-03T06:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."
            }
          ],
          "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-665",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-665 Exploitation of Thunderbolt Protection Flaws"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-03T05:41:26.852Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nUpdate version to G040WQR231013.\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nUpdate version to G040WQR231013.\n\n\n"
        }
      ],
      "source": {
        "advisory": "TVN-202311007",
        "discovery": "EXTERNAL"
      },
      "title": "Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2023-41351",
    "datePublished": "2023-11-03T05:41:26.852Z",
    "dateReserved": "2023-08-29T00:11:47.812Z",
    "dateUpdated": "2024-09-04T20:10:05.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.