9
CVE-2023-4299
- EPSS 0.02%
- Veröffentlicht 31.08.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:48
- Quelle ics-cert@hq.dhs.gov
- Teams Watchlist Login
- Unerledigt Login
Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Digi ≫ Connectport Ts 8/16 Firmware Version < 2.26.2.4
Digi ≫ Passport Firmware Version-
Digi ≫ Connectport Lts 8/16/32 Firmware Version < 1.4.9
Digi ≫ Cm Firmware Version-
Digi ≫ Portserver Ts Firmware Version-
Digi ≫ Portserver Ts Mei Firmware Version-
Digi ≫ Portserver Ts Mei Hardened Firmware Version-
Digi ≫ Portserver Ts M Mei Firmware Version-
Digi ≫ Portserver Ts P Mei Firmware Version-
Digi ≫ One Iap Firmware Version-
Digi ≫ One Ia Firmware Version-
Digi ≫ One Sp Ia Firmware Version-
Digi ≫ One Sp Firmware Version-
Digi ≫ Wr31 Firmware Version-
Digi ≫ Transport Wr11 Xt Firmware Version-
Digi ≫ Wr44 R Firmware Version-
Digi ≫ Wr21 Firmware Version-
Digi ≫ Connect Es Firmware Version < 2.26.2.4
Digi ≫ Connect Sp Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.03 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| ics-cert@hq.dhs.gov | 9 | 2.2 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-836 Use of Password Hash Instead of Password for Authentication
The product records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.