Lucene search

IcscertCVELIST:CVE-2023-6930

HistoryDec 19, 2023 - 11:04 p.m.

CVE-2023-6930 Improper Access Control in EuroTel ETL3100

2023-12-1923:04:49

CWE-284

icscert

www.cve.org

eurotel

etl3100

access control

vulnerability

disclosure

authentication bypass

privilege escalation

system access

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

39.1%

JSON

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ETL3100",
    "vendor": "EuroTel",
    "versions": [
      {
        "status": "affected",
        "version": "v01c01"
      },
      {
        "status": "affected",
        "version": "v01x37"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

39.1%

JSON

Related for CVELIST:CVE-2023-6930