CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)

🗓️ 05 Mar 2024 05:23:16Reported by CybellumType

Cybellum's QCOW China Edition Maintenance Server contains a hard-coded private cryptographic key

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2023-42419	5 Mar 202407:28	–	circl
CNNVD	Cybellum Security Breach	5 Mar 202400:00	–	cnnvd
CVE	CVE-2023-42419	5 Mar 202405:23	–	cve
EUVD	EUVD-2023-46871	3 Oct 202520:07	–	euvd
NVD	CVE-2023-42419	5 Mar 202406:15	–	nvd
Prion	Hardcoded credentials	5 Mar 202406:15	–	prion
Positive Technologies	PT-2024-13040 · Cybellum · Cybellum'S Qcow Air-Gapped Distribution	4 Mar 202400:00	–	ptsecurity
Vulnrichment	CVE-2023-42419 Improper Management of Cryptographic Keys in the Maintenance Server in QCOW Air-Gapped Distribution (China Edition)	5 Mar 202405:23	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "qcow"
    ],
    "product": "Maintenance Server",
    "vendor": "Cybellum",
    "versions": [
      {
        "lessThanOrEqual": "2.27",
        "status": "affected",
        "version": "2.15.5",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "1.*"
      },
      {
        "lessThanOrEqual": "2.19",
        "status": "unaffected",
        "version": "2.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "or above",
        "status": "unaffected",
        "version": "2.28",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cybellum	www.cybellum.com/

05 Mar 2024 05:23Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.13.8

EPSS0.00139