Lucene search

0a72a055-908d-47f5-a16a-1f09049c16c6CVE-2023-45083

HistoryDec 05, 2023 - 5:15 p.m.

CVE-2023-45083

2023-12-0517:15:07

CWE-269

0a72a055-908d-47f5-a16a-1f09049c16c6

web.nvd.nist.gov

cve-2023-45083

vulnerability

hypercloud

authentication

privilege management

nvd

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.

An authenticated admin-level user may be able to delete the “admin” or “serveradmin” users, which prevents authentication from subsequently succeeding.

This issue affects HyperCloud versions 1.0 to any release before 2.1.

Affected configurations

NVD

Node

softironhypercloudRange1.0–2.1.0

CPENameOperatorVersion
softiron:hypercloudsoftiron hypercloudlt2.1.0

CPE	Name	Operator	Version
softiron:hypercloud	softiron hypercloud	lt	2.1.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HyperCloud",
    "vendor": "SoftIron",
    "versions": [
      {
        "lessThan": "2.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  }
]

References

advisories.softiron.cloud

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-45083