cvelist | Carrier | CVELIST:CVE-2023-36483
Mar 16, 2024 - 12:00 a.m.

CVE-2023-36483 MAS (a Carrier brand) MASmobile Classic Authorization Bypass

2024-03-16 00:00:00
CWE-639
Carrier
www.cve.org
authorization
bypass
mas
carrier brand
android
ios
remote attackers
sensitive data
customer data
security system
event history

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 8.9%)

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier, which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Android"
    ],
    "product": "MASmobile Classic",
    "vendor": "MAS (a Carrier brand)",
    "versions": [
      {
        "lessThanOrEqual": "1.16.18",
        "status": "affected",
        "version": "1",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "iOS"
    ],
    "product": "MASmobile Classic",
    "vendor": "MAS (a Carrier brand)",
    "versions": [
      {
        "lessThanOrEqual": "1.7.24",
        "status": "affected",
        "version": "1",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MAS ASP.Net Services",
    "vendor": "MAS (a Carrier brand)",
    "versions": [
      {
        "lessThanOrEqual": "1.9",
        "status": "affected",
        "version": "1",
        "versionType": "custom"
      }
    ]
  }
]
