PT-2023-28302 · Unknown · Mobile Security Framework

Woshinibaba222

Publicado

2023-09-21

Atualizado

2024-08-02

CVE-2023-42261

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mobile Security Framework (MobSF) versions <=3.7.8 Beta

Description The issue is related to Insecure Permissions. The vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could use a reverse proxy server.

Recommendations For Mobile Security Framework (MobSF) versions <=3.7.8 Beta, consider using a reverse proxy server to implement authentication, as the product itself does not have authentication implemented by design. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

CVE-2023-42261

GHSA-CC8J-6PHR-JV9X

PYSEC-2023-310

Produtos afetados

Mobile Security Framework

PT-2023-28302 · Unknown · Mobile Security Framework

CVE-2023-42261

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13