Lucene search

TwcertCVELIST:CVE-2023-48388

HistoryDec 15, 2023 - 8:45 a.m.

CVE-2023-48388 Multisuns EasyLog web+ - Use of Hard-coded Password

2023-12-1508:45:56

CWE-798

twcert

www.cve.org

cve-2023-48388

multisuns easylog

hard-coded password

remote attacker

arbitrary system operations

disrupt service

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. An remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EasyLog web+",
    "vendor": "Multisuns",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.2.8"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7603-b1061-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

51.0%

JSON

Related for CVELIST:CVE-2023-48388