Lucene search

[email protected]CVE-2023-46595

HistoryNov 02, 2023 - 8:15 a.m.

CVE-2023-46595

2023-11-0208:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-46595

net-ntlm

html injection

fireflow

visualflow

nvd

security advisory

5.9 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)

Affected configurations

NVD

Node

algosecfireflowMatcha32.20

algosecfireflowMatcha32.50

algosecfireflowMatcha32.60

CPENameOperatorVersion
algosec:fireflowalgosec firefloweqa32.20
algosec:fireflowalgosec firefloweqa32.50
algosec:fireflowalgosec firefloweqa32.60

CPE	Name	Operator	Version
algosec:fireflow	algosec fireflow	eq	a32.20
algosec:fireflow	algosec fireflow	eq	a32.50
algosec:fireflow	algosec fireflow	eq	a32.60

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "64 bit",
      "Linux"
    ],
    "product": "Algosec FireFlow",
    "vendor": "Algosec",
    "versions": [
      {
        "status": "affected",
        "version": "A32.20, A32.50"
      }
    ]
  }
]

References

cwe.mitre.org/data/definitions/79.html

5.9 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVE-2023-46595

prion1 nvd1 cvelist1