Lucene search

K
cvelistCERTVDECVELIST:CVE-2023-39167
HistoryDec 07, 2023 - 2:05 p.m.

CVE-2023-39167 SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability

2023-12-0714:05:01
CWE-862
CERTVDE
www.cve.org
1
cve-2023-39167
senec
storage box
unauthenticated remote attacker
logfiles
sensitive data

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.6%

InΒ SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices’ logfiles that contain sensitive data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Storage Box V1",
    "vendor": "SENEC",
    "versions": [
      {
        "status": "affected",
        "version": "all (until 19.06.2023)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Storage Box V2",
    "vendor": "SENEC",
    "versions": [
      {
        "status": "affected",
        "version": "all (until 19.06.2023)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Storage Box V3",
    "vendor": "SENEC",
    "versions": [
      {
        "status": "affected",
        "version": "all (until 19.06.2023)"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

68.6%

Related for CVELIST:CVE-2023-39167