Lucene search

NozomiCVE-2023-2538

HistoryJul 05, 2023 - 1:15 p.m.

CVE-2023-2538

2023-07-0513:15:09

CWE-552

Nozomi

web.nvd.nist.gov

cwe-552

tyan s5552

bmc

v3.00

unauthenticated access

remote attacker

tls certificate

forced browsing

mitm attack

nvd

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

36.1%

JSON

A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.

Affected configurations

Nvd

Node

tyans5552\/s5552wgm4nr-exMatch-

AND

tyans5552\/s5552wgm4nr-ex_firmwareMatch3.0.0

Node

tyans5552\/s5552wgm4nrMatch-

AND

tyans5552\/s5552wgm4nr_firmwareMatch3.0.0

Node

tyans5552\/s5552gm4nrMatch-

AND

tyans5552\/s5552gm4nr_firmwareMatch3.0.0

Node

tyans5552\/s5552gm2nrMatch-

AND

tyans5552\/s5552gm2nr_firmwareMatch3.0.0

VendorProductVersionCPE
tyans5552\/s5552wgm4nr-ex-cpe:2.3:h:tyan:s5552\/s5552wgm4nr-ex:-:*:*:*:*:*:*:*
tyans5552\/s5552wgm4nr-ex_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552wgm4nr-ex_firmware:3.0.0:*:*:*:*:*:*:*
tyans5552\/s5552wgm4nr-cpe:2.3:h:tyan:s5552\/s5552wgm4nr:-:*:*:*:*:*:*:*
tyans5552\/s5552wgm4nr_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552wgm4nr_firmware:3.0.0:*:*:*:*:*:*:*
tyans5552\/s5552gm4nr-cpe:2.3:h:tyan:s5552\/s5552gm4nr:-:*:*:*:*:*:*:*
tyans5552\/s5552gm4nr_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552gm4nr_firmware:3.0.0:*:*:*:*:*:*:*
tyans5552\/s5552gm2nr-cpe:2.3:h:tyan:s5552\/s5552gm2nr:-:*:*:*:*:*:*:*
tyans5552\/s5552gm2nr_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552gm2nr_firmware:3.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tyan	s5552\/s5552wgm4nr-ex	-	cpe:2.3:h:tyan:s5552\/s5552wgm4nr-ex:-:::::::*
tyan	s5552\/s5552wgm4nr-ex_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552wgm4nr-ex_firmware:3.0.0:::::::*
tyan	s5552\/s5552wgm4nr	-	cpe:2.3:h:tyan:s5552\/s5552wgm4nr:-:::::::*
tyan	s5552\/s5552wgm4nr_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552wgm4nr_firmware:3.0.0:::::::*
tyan	s5552\/s5552gm4nr	-	cpe:2.3:h:tyan:s5552\/s5552gm4nr:-:::::::*
tyan	s5552\/s5552gm4nr_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552gm4nr_firmware:3.0.0:::::::*
tyan	s5552\/s5552gm2nr	-	cpe:2.3:h:tyan:s5552\/s5552gm2nr:-:::::::*
tyan	s5552\/s5552gm2nr_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552gm2nr_firmware:3.0.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "s5552_bmc",
    "vendor": "tyan",
    "versions": [
      {
        "status": "affected",
        "version": "3.00"
      }
    ]
  }
]

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538/

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

36.1%

JSON

Related for CVE-2023-2538