5.8

CVE-2023-2538

EPSS 0.06%
Veröffentlicht 05.07.2023 13:15:09
Zuletzt bearbeitet 21.11.2024 07:58:47
Quelle prodsec@nozominetworks.com
CVE-Watchlists
Login
Unerledigt
Login

A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tyan ≫ S5552/s5552wgm4nr-ex Firmware Version3.0.0

Tyan ≫ S5552/s5552wgm4nr-ex Version-

Tyan ≫ S5552/s5552wgm4nr Firmware Version3.0.0

Tyan ≫ S5552/s5552wgm4nr Version-

Tyan ≫ S5552/s5552gm4nr Firmware Version3.0.0

Tyan ≫ S5552/s5552gm4nr Version-

Tyan ≫ S5552/s5552gm2nr Firmware Version3.0.0

Tyan ≫ S5552/s5552gm2nr Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.2	1.6	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
prodsec@nozominetworks.com	5.8	1.6	3.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2538

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2538

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2538

EUVD