Lucene search

[email protected]NVD:CVE-2023-49221

HistoryJun 07, 2024 - 8:15 p.m.

CVE-2023-49221

2024-06-0720:15:10

CWE-798

[email protected]

web.nvd.nist.gov

cve-2023-49221

precor

touchscreen

console

security restrictions

service menu

hard-coded service code

remote attacker

local network

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Precor touchscreen console P62, P80, and P82 could allow a remote attacker (within the local network) to bypass security restrictions, and access the service menu, because there is a hard-coded service code.

References

securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-49221

cvelist1 cve1 vulnrichment1