8.8
CVE-2023-36497
- EPSS 0.52%
- Veröffentlicht 11.09.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 08:09:49
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginDover Fueling Solutions MAGLINK LX Web Console Authentication Bypass by Primary Weakness
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Doverfuelingsolutions ≫ Maglink Lx Web Console Configuration Version2.5.1
Doverfuelingsolutions ≫ Maglink Lx Web Console Configuration Version2.5.2
Doverfuelingsolutions ≫ Maglink Lx Web Console Configuration Version2.5.3
Doverfuelingsolutions ≫ Maglink Lx Web Console Configuration Version2.6.1
Doverfuelingsolutions ≫ Maglink Lx Web Console Configuration Version2.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.397 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-305 Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01