Lucene search

IcscertCVELIST:CVE-2023-2306

HistoryOct 05, 2023 - 4:46 p.m.

CVE-2023-2306 Qognify NiceVision Use of Hard-coded Credentials

2023-10-0516:46:42

CWE-798

icscert

www.cve.org

cve-2023-2306

qognify nicevision

sensitive information

attacker

cameras

user information

database records

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NiceVision",
    "vendor": "Qognify",
    "versions": [
      {
        "lessThanOrEqual": "3.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-278-02

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for CVELIST:CVE-2023-2306