Lucene search

[email protected]NVD:CVE-2023-2538

HistoryJul 05, 2023 - 1:15 p.m.

CVE-2023-2538

2023-07-0513:15:09

CWE-552

[email protected]

web.nvd.nist.gov

cwe-552

files accessible to external parties

tls certificate

man-in-the-middle

https

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

36.1%

JSON

A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.

Affected configurations

Nvd

Node

tyans5552\/s5552wgm4nr-exMatch-

AND

tyans5552\/s5552wgm4nr-ex_firmwareMatch3.0.0

Node

tyans5552\/s5552wgm4nrMatch-

AND

tyans5552\/s5552wgm4nr_firmwareMatch3.0.0

Node

tyans5552\/s5552gm4nrMatch-

AND

tyans5552\/s5552gm4nr_firmwareMatch3.0.0

Node

tyans5552\/s5552gm2nrMatch-

AND

tyans5552\/s5552gm2nr_firmwareMatch3.0.0

VendorProductVersionCPE
tyans5552\/s5552wgm4nr-ex-cpe:2.3:h:tyan:s5552\/s5552wgm4nr-ex:-:*:*:*:*:*:*:*
tyans5552\/s5552wgm4nr-ex_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552wgm4nr-ex_firmware:3.0.0:*:*:*:*:*:*:*
tyans5552\/s5552wgm4nr-cpe:2.3:h:tyan:s5552\/s5552wgm4nr:-:*:*:*:*:*:*:*
tyans5552\/s5552wgm4nr_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552wgm4nr_firmware:3.0.0:*:*:*:*:*:*:*
tyans5552\/s5552gm4nr-cpe:2.3:h:tyan:s5552\/s5552gm4nr:-:*:*:*:*:*:*:*
tyans5552\/s5552gm4nr_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552gm4nr_firmware:3.0.0:*:*:*:*:*:*:*
tyans5552\/s5552gm2nr-cpe:2.3:h:tyan:s5552\/s5552gm2nr:-:*:*:*:*:*:*:*
tyans5552\/s5552gm2nr_firmware3.0.0cpe:2.3:o:tyan:s5552\/s5552gm2nr_firmware:3.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tyan	s5552\/s5552wgm4nr-ex	-	cpe:2.3:h:tyan:s5552\/s5552wgm4nr-ex:-:::::::*
tyan	s5552\/s5552wgm4nr-ex_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552wgm4nr-ex_firmware:3.0.0:::::::*
tyan	s5552\/s5552wgm4nr	-	cpe:2.3:h:tyan:s5552\/s5552wgm4nr:-:::::::*
tyan	s5552\/s5552wgm4nr_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552wgm4nr_firmware:3.0.0:::::::*
tyan	s5552\/s5552gm4nr	-	cpe:2.3:h:tyan:s5552\/s5552gm4nr:-:::::::*
tyan	s5552\/s5552gm4nr_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552gm4nr_firmware:3.0.0:::::::*
tyan	s5552\/s5552gm2nr	-	cpe:2.3:h:tyan:s5552\/s5552gm2nr:-:::::::*
tyan	s5552\/s5552gm2nr_firmware	3.0.0	cpe:2.3:o:tyan:s5552\/s5552gm2nr_firmware:3.0.0:::::::*

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538/

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

36.1%

JSON

Related for NVD:CVE-2023-2538

cvelist1 cve1 prion1