CybellumCVELIST:CVE-2023-42419CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
4.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Maintenance Server, in Cybellum’s QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key.
An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the server.
The issue was resolved in version 2.28.
Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"qcow"
],
"product": "Maintenance Server",
"vendor": "Cybellum",
"versions": [
{
"lessThanOrEqual": "2.27",
"status": "affected",
"version": "2.15.5",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.*"
},
{
"lessThanOrEqual": "2.19",
"status": "unaffected",
"version": "2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "or above",
"status": "unaffected",
"version": "2.28",
"versionType": "custom"
}
]
}
]References
Related
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
4.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%