Lucene search

[email protected]CVE-2023-45228

HistoryOct 26, 2023 - 5:15 p.m.

CVE-2023-45228

2023-10-2617:15:09

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-45228

improper access control

user manipulation

http post request

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.

Affected configurations

NVD

Node

sielcoanalog_fm_transmitter_exc5000gxMatch2.12

AND

sielcoanalog_fm_transmitter_exc5000gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc120gxMatch2.12

AND

sielcoanalog_fm_transmitter_exc120gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc300gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc300gxMatch2.11

Node

sielcoanalog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1600gxMatch2.10

Node

sielcoanalog_fm_transmitter_exc2000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc2000gxMatch2.10

Node

sielcoanalog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1600gxMatch2.08

Node

sielcoanalog_fm_transmitter_exc1000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1000gxMatch2.08

Node

sielcoanalog_fm_transmitter_exc3000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc3000gxMatch2.07

Node

sielcoanalog_fm_transmitter_exc5000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc5000gxMatch2.06

Node

sielcoanalog_fm_transmitter_exc30gt_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc30gtMatch1.7.7

Node

sielcoanalog_fm_transmitter_exc300gt_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc300gtMatch1.7.4

Node

sielcoanalog_fm_transmitter_exc100gt_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc100gtMatch1.7.4

Node

sielcoanalog_fm_transmitter_exc5000gt_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc5000gtMatch1.7.4

Node

sielcoanalog_fm_transmitter_exc1000gt_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1000gtMatch1.6.3

Node

sielcoanalog_fm_transmitter_exc120gt_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc120gtMatch1.5.4

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match2.06

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match2.05

Node

sielcoradio_link_exc19_firmwareMatch-

AND

sielcoradio_link_exc19Match2.00

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match1.60

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match1.59

Node

sielcoradio_link_exc19_firmwareMatch-

AND

sielcoradio_link_exc19Match1.55

CPENameOperatorVersion
sielco:analog_fm_transmitter_exc5000gx_firmwaresielco analog fm transmitter exc5000gx firmwareeq-

CPE	Name	Operator	Version
sielco:analog_fm_transmitter_exc5000gx_firmware	sielco analog fm transmitter exc5000gx firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Analog FM transmitter",
    "vendor": "Sielco",
    "versions": [
      {
        "status": "affected",
        "version": "2.12 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "2.12 (EXC120GX)"
      },
      {
        "status": "affected",
        "version": "2.11 (EXC300GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC2000GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1000GX)"
      },
      {
        "status": "affected",
        "version": "2.07 (EXC3000GX)"
      },
      {
        "status": "affected",
        "version": "2.06 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "1.7.7 (EXC30GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC300GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC100GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC5000GT)"
      },
      {
        "status": "affected",
        "version": "1.6.3 (EXC1000GT)"
      },
      {
        "status": "affected",
        "version": "1.5.4 (EXC120GT)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Radio Link",
    "vendor": "Sielco ",
    "versions": [
      {
        "status": "affected",
        "version": "2.06 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.05 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.00 (EXC19)"
      },
      {
        "status": "affected",
        "version": "1.60 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.59 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.55 (EXC19)"
      }
    ]
  }
]