Lucene search

IcscertCVELIST:CVE-2023-3638

HistoryJul 19, 2023 - 2:22 p.m.

CVE-2023-3638 GeoVision GV-ADR2701 Improper Authentication

2023-07-1914:22:13

CWE-287

icscert

www.cve.org

cve-2023-3638

geovision

improper authentication

web application access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

JSON

In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GV-ADR2701",
    "vendor": "GeoVision ",
    "versions": [
      {
        "status": "affected",
        "version": "1.00_2017_12_15"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-199-05

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for CVELIST:CVE-2023-3638