PT-2023-2323 · Delta Electronics · Infrasuite Device Master

Chudypd

Publicado

2023-03-21

Atualizado

2023-05-17

CVE-2023-1137

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master versions prior to 1.0.5

Description The issue is related to insufficient input validation, allowing a low-level user to extract files and plaintext credentials of administrator users. This results in privilege escalation. The vulnerability can be exploited by a remote attacker to elevate their privileges.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and administrator credentials to minimize the risk of exploitation.

Correção

Insufficiently Protected Credentials

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-284

Identificadores relacionados

BDU:2023-02088

CVE-2023-1137

ZDI-23-685

Produtos afetados

Infrasuite Device Master

PT-2023-2323 · Delta Electronics · Infrasuite Device Master

CVE-2023-1137

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5