8.8

CVE-2023-50015

An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellergrandstream
Produkt gxp1405_firmware
Default Statusunknown
Version <= 1.0.8.9
Version 0
Status affected
Herstellergrandstream
Produkt gxp1610_firmware
Default Statusunknown
Version <= 1.0.7.13
Version 0
Status affected
Herstellergrandstream
Produkt gxp1615_firmware
Default Statusunknown
Version <= 1.0.7.13
Version 0
Status affected
Herstellergrandstream
Produkt gxp1620_firmware
Default Statusunknown
Version <= 1.0.7.13
Version 0
Status affected
Herstellergrandstream
Produkt gxp1625_firmware
Default Statusunknown
Version <= 1.0.7.13
Version 0
Status affected
Herstellergrandstream
Produkt gxp1628_firmware
Default Statusunknown
Version <= 1.0.7.13
Version 0
Status affected
Herstellergrandstream
Produkt gxp1630_firmware
Default Statusunknown
Version <= 1.0.7.13
Version 0
Status affected
Herstellergrandstream
Produkt gxp1400_firmware
Default Statusunknown
Version <= 1.0.8.9
Version 0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.527
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.