Lucene search

CERTVDECVELIST:CVE-2023-39167

HistoryDec 07, 2023 - 2:05 p.m.

CVE-2023-39167 SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability

2023-12-0714:05:01

CWE-862

CERTVDE

www.cve.org

cve-2023-39167

senec

storage box

unauthenticated remote attacker

logfiles

sensitive data

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

57.7%

JSON

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices’ logfiles that contain sensitive data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Storage Box V1",
    "vendor": "SENEC",
    "versions": [
      {
        "status": "affected",
        "version": "all (until 19.06.2023)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Storage Box V2",
    "vendor": "SENEC",
    "versions": [
      {
        "status": "affected",
        "version": "all (until 19.06.2023)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Storage Box V3",
    "vendor": "SENEC",
    "versions": [
      {
        "status": "affected",
        "version": "all (until 19.06.2023)"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2023/Nov/5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVELIST:CVE-2023-39167