← Voltar para CVEs
CVE-2023-22618
HIGH8.1
Descricao
If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.
Detalhes CVE
Pontuacao CVSS v3.18.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/4/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
nokia:wavelite_metro_200_and_f2b_fansnokia:wavelite_metro_200_and_f2b_fans_firmwarenokia:wavelite_metro_200_and_fannokia:wavelite_metro_200_and_fan_firmwarenokia:wavelite_metro_200_ne_and_f2b_fansnokia:wavelite_metro_200_ne_and_f2b_fans_firmwarenokia:wavelite_metro_200_ne_ops_and_f2b_fansnokia:wavelite_metro_200_ne_ops_and_f2b_fans_firmwarenokia:wavelite_metro_200_ops_and_f2b_fansnokia:wavelite_metro_200_ops_and_f2b_fans_firmwarenokia:wavelite_metro_200_ops_and_fansnokia:wavelite_metro_200_ops_and_fans_firmware
Fraquezas (CWE)
CWE-284
Referencias
https://nokia.com(cve@mitre.org)
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/(cve@mitre.org)
https://nokia.com(af854a3a-2127-422b-91ae-364da2661108)
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.