Lucene search

NCSC-NLCVELIST:CVE-2023-41918

HistoryJul 02, 2024 - 7:42 a.m.

CVE-2023-41918 Missing Authentication for Critical Function in Kiloview P1/P2 devices

2024-07-0207:42:08

CWE-306

NCSC-NL

www.cve.org

kiloview p1

kiloview p2

unauthorized access

data manipulation

code execution

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code.

CNA Affected

[
  {
    "vendor": "Kiloview",
    "product": "P1/P2",
    "versions": [
      {
        "status": "affected",
        "version": "All",
        "lessThanOrEqual": "4.8.2605",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

advisories.ncsc.nl/advisory?id=NCSC-2024-0273

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2023-41918