Lucene search
MitreCVE-2023-36651HistoryDec 12, 2023 - 1:15 a.m.
CVE-2023-36651
2023-12-1201:15:10
CWE-798
mitre
web.nvd.nist.gov
12
cve-2023-36651
prolion
cryptospike
hard-coded credentials
remote attackers
web management
super-admin
rest api
security vulnerability
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
45.5%
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.
Affected configurations
Node
prolioncryptospikeMatch3.0.15p2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| prolion | cryptospike | 3.0.15 | cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:* |
References
Related
prion
prion
Hardcoded credentials
2023-12-12 01:15:00
vulnrichment
vulnrichment
CVE-2023-36651
2023-12-12 00:00:00
nvd
nvd
CVE-2023-36651
2023-12-12 01:15:10
cvelist
cvelist
CVE-2023-36651
2023-12-12 00:00:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
45.5%
Related for CVE-2023-36651