Lucene search

K
nvd[email protected]NVD:CVE-2023-33371
HistoryAug 03, 2023 - 1:15 a.m.

CVE-2023-33371

2023-08-0301:15:11
CWE-798
web.nvd.nist.gov
2
cve-2023-33371
control id
jwt session tokens
authentication bypass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

56.7%

Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.

Affected configurations

Nvd
Node
assaabloycontrol_id_idsecureRange4.7.26.0
VendorProductVersionCPE
assaabloycontrol_id_idsecure*cpe:2.3:a:assaabloy:control_id_idsecure:*:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

56.7%

Related for NVD:CVE-2023-33371