nvd
NVD:CVE-2023-5719
History: Nov 06, 2023 - 8:15 p.m.

CVE-2023-5719

2023-11-06 20:15:07
CWE-158
web.nvd.nist.gov
crimson 3.2
windows-based
configuration tool
administrative access
security configuration
invalid values
vulnerability
compromised credentials
web server

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4
Confidence: High

EPSS: 0.001
Percentile: 39.1%

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

Affected configurations

Nvd
Node
redlion  crimson  Range  <3.2
OR
redlion  crimson  Match  3.2  build_3.2.0008.0
OR
redlion  crimson  Match  3.2  build_3.2.0014.0
OR
redlion  crimson  Match  3.2  build_3.2.0015.0
OR
redlion  crimson  Match  3.2  build_3.2.0016.0
OR
redlion  crimson  Match  3.2  build_3.2.0020.0
OR
redlion  crimson  Match  3.2  build_3.2.0021.0
OR
redlion  crimson  Match  3.2  build_3.2.0025.0
OR
redlion  crimson  Match  3.2  build_3.2.0026.0
OR
redlion  crimson  Match  3.2  build_3.2.0030.0
OR
redlion  crimson  Match  3.2  build_3.2.0031.0
OR
redlion  crimson  Match  3.2  build_3.2.0035.0
OR
redlion  crimson  Match  3.2  build_3.2.0036.0
OR
redlion  crimson  Match  3.2  build_3.2.0040.0
OR
redlion  crimson  Match  3.2  build_3.2.0041.0
OR
redlion  crimson  Match  3.2  build_3.2.0044.0
OR
redlion  crimson  Match  3.2  build_3.2.0047.0
OR
redlion  crimson  Match  3.2  build_3.2.0050.0
OR
redlion  crimson  Match  3.2  build_3.2.0051.0
OR
redlion  crimson  Match  3.2  build_3.2.0053.0
OR
redlion  crimson  Match  3.2  build_3.2.0053.1
OR
redlion  crimson  Match  3.2  build_3.2.0053.18
AND
redlion  da50a  Match  -
OR
redlion  da70a  Match  -

Vendor   Product  Version  CPE
redlion  crimson  *        cpe:2.3:a:redlion:crimson:*:*:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0008.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0014.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0015.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0016.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0020.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0021.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0025.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0026.0:*:*:*:*:*:*
redlion  crimson  3.2      cpe:2.3:a:redlion:crimson:3.2:build_3.2.0030.0:*:*:*:*:*:*