Lucene search

IcscertCVELIST:CVE-2023-32657

HistoryJul 19, 2023 - 9:47 p.m.

CVE-2023-32657 Weintek Weincloud Improper Restriction of Excessive Authentication Attempts

2023-07-1921:47:37

CWE-307

icscert

www.cve.org

cve-2023-32657

weintek weincloud

improper restriction

authentication attempts

brute force attack

error message responses

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

40.1%

JSON

Weintek Weincloud v0.13.6

could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Weincloud",
    "vendor": "Weintek",
    "versions": [
      {
        "lessThanOrEqual": "0.13.6",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-199-04

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

40.1%

JSON

Related for CVELIST:CVE-2023-32657