VulDBVULNRICHMENT:CVE-2023-3237CVE-2023-3237 OTCMS hard-coded password
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A vulnerability classified as critical was found in OTCMS up to 6.62. This vulnerability affects unknown code. The manipulation of the argument username/password with the input admin leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231508.
CNA Affected
[
{
"vendor": "n/a",
"product": "OTCMS",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.3"
},
{
"status": "affected",
"version": "6.4"
},
{
"status": "affected",
"version": "6.5"
},
{
"status": "affected",
"version": "6.6"
},
{
"status": "affected",
"version": "6.7"
},
{
"status": "affected",
"version": "6.8"
},
{
"status": "affected",
"version": "6.9"
},
{
"status": "affected",
"version": "6.10"
},
{
"status": "affected",
"version": "6.11"
},
{
"status": "affected",
"version": "6.12"
},
{
"status": "affected",
"version": "6.13"
},
{
"status": "affected",
"version": "6.14"
},
{
"status": "affected",
"version": "6.15"
},
{
"status": "affected",
"version": "6.16"
},
{
"status": "affected",
"version": "6.17"
},
{
"status": "affected",
"version": "6.18"
},
{
"status": "affected",
"version": "6.19"
},
{
"status": "affected",
"version": "6.20"
},
{
"status": "affected",
"version": "6.21"
},
{
"status": "affected",
"version": "6.22"
},
{
"status": "affected",
"version": "6.23"
},
{
"status": "affected",
"version": "6.24"
},
{
"status": "affected",
"version": "6.25"
},
{
"status": "affected",
"version": "6.26"
},
{
"status": "affected",
"version": "6.27"
},
{
"status": "affected",
"version": "6.28"
},
{
"status": "affected",
"version": "6.29"
},
{
"status": "affected",
"version": "6.30"
},
{
"status": "affected",
"version": "6.31"
},
{
"status": "affected",
"version": "6.32"
},
{
"status": "affected",
"version": "6.33"
},
{
"status": "affected",
"version": "6.34"
},
{
"status": "affected",
"version": "6.35"
},
{
"status": "affected",
"version": "6.36"
},
{
"status": "affected",
"version": "6.37"
},
{
"status": "affected",
"version": "6.38"
},
{
"status": "affected",
"version": "6.39"
},
{
"status": "affected",
"version": "6.40"
},
{
"status": "affected",
"version": "6.41"
},
{
"status": "affected",
"version": "6.42"
},
{
"status": "affected",
"version": "6.43"
},
{
"status": "affected",
"version": "6.44"
},
{
"status": "affected",
"version": "6.45"
},
{
"status": "affected",
"version": "6.46"
},
{
"status": "affected",
"version": "6.47"
},
{
"status": "affected",
"version": "6.48"
},
{
"status": "affected",
"version": "6.49"
},
{
"status": "affected",
"version": "6.50"
},
{
"status": "affected",
"version": "6.51"
},
{
"status": "affected",
"version": "6.52"
},
{
"status": "affected",
"version": "6.53"
},
{
"status": "affected",
"version": "6.54"
},
{
"status": "affected",
"version": "6.55"
},
{
"status": "affected",
"version": "6.56"
},
{
"status": "affected",
"version": "6.57"
},
{
"status": "affected",
"version": "6.58"
},
{
"status": "affected",
"version": "6.59"
},
{
"status": "affected",
"version": "6.60"
},
{
"status": "affected",
"version": "6.61"
},
{
"status": "affected",
"version": "6.62"
}
]
}
]Related
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial