Lucene search

[email protected]NVD:CVE-2023-6329

HistoryNov 27, 2023 - 5:15 p.m.

CVE-2023-6329

2023-11-2717:15:09

CWE-287

[email protected]

web.nvd.nist.gov

authentication

bypass

control id idsecure

vulnerability

unauthenticated attacker

administrative user

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.613

Percentile

97.9%

JSON

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a “passwordCustom” option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.

Affected configurations

Nvd

Node

controlididsecureMatch4.7.32.0

VendorProductVersionCPE
controlididsecure4.7.32.0cpe:2.3:a:controlid:idsecure:4.7.32.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
controlid	idsecure	4.7.32.0	cpe:2.3:a:controlid:idsecure:4.7.32.0:::::::*

References

tenable.com/security/research/tra-2023-36

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.613

Percentile

97.9%

JSON

Related for NVD:CVE-2023-6329

prion1 cve1 packetstorm1 cvelist1 metasploit1 rapid7blog1