Lucene search

NCSC-NLCVE-2023-41919

HistoryJul 02, 2024 - 8:15 a.m.

CVE-2023-41919

2024-07-0208:15:03

CWE-798

NCSC-NL

web.nvd.nist.gov

credentials

application security

unauthorized access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Hardcoded credentials are discovered within the application’s source code, creating a potential security risk for unauthorized access.

Affected configurations

Nvd

Node

kiloviewp2_firmwareRange≤4.8.2605

AND

kiloviewp2Match-

Node

kiloviewp1_firmwareRange≤4.8.2605

AND

kiloviewp1Match-

VendorProductVersionCPE
kiloviewp2_firmware*cpe:2.3:o:kiloview:p2_firmware:*:*:*:*:*:*:*:*
kiloviewp2-cpe:2.3:h:kiloview:p2:-:*:*:*:*:*:*:*
kiloviewp1_firmware*cpe:2.3:o:kiloview:p1_firmware:*:*:*:*:*:*:*:*
kiloviewp1-cpe:2.3:h:kiloview:p1:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kiloview	p2_firmware	*	cpe:2.3:o:kiloview:p2_firmware::::::::
kiloview	p2	-	cpe:2.3:h:kiloview:p2:-:::::::*
kiloview	p1_firmware	*	cpe:2.3:o:kiloview:p1_firmware::::::::
kiloview	p1	-	cpe:2.3:h:kiloview:p1:-:::::::*

CNA Affected

[
  {
    "vendor": "Kiloview",
    "product": "P1/P2",
    "versions": [
      {
        "status": "affected",
        "version": "All",
        "lessThanOrEqual": "4.8.2605",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

advisories.ncsc.nl/advisory?id=NCSC-2024-0273

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Related for CVE-2023-41919