Home

Description

ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.

PUBLISHED Reserved 2023-11-27 | Published 2024-05-15 | Updated 2024-08-02 | Assigner Bitdefender




MEDIUM: 4.3CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-345 Insufficient Verification of Data Authenticity

Product status

Default status
unaffected

Any version before 4.3.4.2
affected

Credits

Alexandru Lazar finder

Radu Basaraba finder

References

bitdefender.com/...k-kalay-vulnerabilities-and-their-impact/

bitdefender.com/...k-kalay-vulnerabilities-and-their-impact/

cve.org (CVE-2023-6323)

nvd.nist.gov (CVE-2023-6323)

Download JSON