Lucene search

MitreCVE-2023-31634

HistoryMar 27, 2024 - 6:15 a.m.

CVE-2023-31634

2024-03-2706:15:08

CWE-287

mitre

web.nvd.nist.gov

teslamate

unauthorized access

remote viewing

operation

user data

port 4000

port 3000

grafana

default username

password

cve-2023-31634

cve-2022-23126

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

70.7%

JSON

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.

References

github.com/adriankumpf/teslamate/releases/tag/v1.27.2

github.com/XC9409/CVE-2023-31634/blob/main/PoC

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

70.7%

JSON

Related for CVE-2023-31634