← Volver a CVEs
CVE-2023-4667
HIGH8.1
Descripcion
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioREQUIRED
Publicado11/28/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
idemia:morphowave_compactidemia:morphowave_compact_firmwareidemia:morphowave_spidemia:morphowave_sp_firmwareidemia:sgima_lite_\&_lite\+idemia:sgima_lite_\&_lite\+_firmwareidemia:sigma_extremeidemia:sigma_extreme_firmwareidemia:sigma_wideidemia:sigma_wide_firmwareidemia:visionpassidemia:visionpass_firmware
Debilidades (CWE)
CWE-79CWE-79
Referencias
https://www.idemia.com/vulnerability-information(a87f365f-9d39-4848-9b3a-58c7cae69cab)
https://www.idemia.com/vulnerability-information(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.