cvelist / SoftIron / CVELIST:CVE-2023-45083
History: Dec 05, 2023 - 4:15 p.m.

CVE-2023-45083 HyperCloud: "admin" and "serveradmin" users can be deleted

2023-12-05 16:15:07
CWE-269
SoftIron
www.cve.org
hypercloud
privilege management
vulnerability
admin user
serveradmin user
authentication
version 2.1

CVSS3: 4.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

AI Score: 5.1
Confidence: High

EPSS: 0
Percentile: 9.0%

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.

An authenticated admin-level user may be able to delete the “admin” or “serveradmin” users, which prevents authentication from subsequently succeeding.

This issue affects HyperCloud versions 1.0 to any release before 2.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HyperCloud",
    "vendor": "SoftIron",
    "versions": [
      {
        "lessThan": "2.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  }
]
