Lucene search

[email protected]NVD:CVE-2023-2504

HistoryMay 22, 2023 - 10:15 p.m.

CVE-2023-2504

2023-05-2222:15:10

CWE-798

[email protected]

web.nvd.nist.gov

cve-2023-2504

hard-coded credentials

unauthorized access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.8%

JSON

Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.

Affected configurations

NVD

Node

birddoga300Match-

AND

birddoga300_firmwareMatch3.4

Node

birddogminiMatch-

AND

birddogmini_firmwareMatch2.6.2

Node

birddog4k_quadMatch-

AND

birddog4k_quad_firmwareMatch4.5.181

birddog4k_quad_firmwareMatch4.5.196

Node

birddogstudio_r3Match-

AND

birddogstudio_r3_firmwareMatch3.6.4

References

birddog.tv/downloads/

www.cisa.gov/news-events/ics-advisories/icsa-23-131-11

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.8%

JSON

Related for NVD:CVE-2023-2504

cve1 prion1 cvelist1 ics1