PT-2023-23524 · Suprema · Suprema Biostar 2
Published: 2023-05-22 · Updated: 2023-06-01
CVE-2023-31923
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Suprema BioStar 2 versions prior to 2.9.1
Description
A vulnerability in the web application of Suprema BioStar 2 allows an authenticated attacker with User Operator privileges to create a highly privileged user account. This issue is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system.
Recommendations
For Suprema BioStar 2 versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the creation of new user accounts to prevent potential exploitation until the update is applied.
Exploit
Fix
Improper Preservation of Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Suprema Biostar 2