Lucene search

INCIBECVELIST:CVE-2023-0506

HistoryOct 03, 2023 - 1:12 p.m.

CVE-2023-0506 ByDemes Group Airspace CCTV Web Service Improper Access Control

2023-10-0313:12:51

CWE-284

INCIBE

www.cve.org

cve-2023-0506

web service

vulnerability

version 2.616.by00.11

low-privileged

administrator access

improper access control

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Airspace CCTV Web Service",
    "vendor": "ByDemes Group",
    "versions": [
      {
        "status": "affected",
        "version": "2.616.BY00.11"
      }
    ]
  }
]

References

github.com/zerolynx/wstg/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md

www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-demes-group-products

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVELIST:CVE-2023-0506