Lucene search

ZdiCVELIST:CVE-2023-51573

HistoryApr 01, 2024 - 9:18 p.m.

CVE-2023-51573 Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability

2024-04-0121:18:29

CWE-749

zdi

www.cve.org

voltronic power viewpower pro

updatemanagerpassword

authentication bypass

remote attackers

dangerous function

vulnerability

zdi-can-21203

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the updateManagerPassword function. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21203.

CNA Affected

[
  {
    "vendor": "Voltronic Power",
    "product": "ViewPower Pro",
    "versions": [
      {
        "version": "2.0-22165",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.zerodayinitiative.com/advisories/ZDI-23-1879/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for CVELIST:CVE-2023-51573