Lucene search

[email protected]CVE-2023-45499

HistoryOct 27, 2023 - 4:15 a.m.

CVE-2023-45499

2023-10-2704:15:10

CWE-798

[email protected]

web.nvd.nist.gov

vinchin

backup & recovery

cve-2023-45499

nvd

hardcoded credentials

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials.

Affected configurations

NVD

Node

vinchinvinchin_backup_and_recoveryRange5.0–7.0

CPENameOperatorVersion
vinchin:vinchin_backup_and_recoveryvinchin vinchin backup and recoveryle7.0

CPE	Name	Operator	Version
vinchin:vinchin_backup_and_recovery	vinchin vinchin backup and recovery	le	7.0

References

packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html

packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html

seclists.org/fulldisclosure/2023/Oct/31

blog.leakix.net/2023/10/vinchin-backup-rce-chain/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

Related for CVE-2023-45499

cvelist1 prion1 nvd1 packetstorm1 zdt1 rapid7blog1