← Back to CVEs
CVE-2023-0444
HIGH8.8
Description
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published1/26/2023
Last Modified4/3/2025
Sourcenvd
Honeypot Sightings0
Affected Products
deltaww:infrasuite_device_master
References
https://www.tenable.com/security/research/tra-2023-4(vulnreport@tenable.com)
https://www.tenable.com/security/research/tra-2023-4(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.