CVE-2023-36611 | THREATINT

Description

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.

PUBLISHED Reserved 2023-06-23 | Published 2023-07-03 | Updated 2024-10-25 | Assigner icscert

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-285 Improper Authorization

Product status

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Default status

unaffected

Any version

affected

Credits

Floris Hendriks finder

Jeroen Wijenbergh finder

Radboud University reporter

References

www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 government-resource

www.cisa.gov/news-events/ics-advisories/icsa-23-180-03 government-resource

cve.org (CVE-2023-36611)

nvd.nist.gov (CVE-2023-36611)

Download JSON

help @ threatint.eu