PT-2023-32580 · Network Optix · Network Optix Nxcloud

Publicado

2023-11-22

Atualizado

2023-12-18

CVE-2023-6263

CVSS v3.1

8.3

Alta

Vetor

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Network Optix NxCloud versions prior to 23.1.0.40440

Description An issue was discovered in Network Optix NxCloud, where it was possible to add a fake VMS server by using the exact identification of a legitimate VMS server. As a result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.

Recommendations For versions prior to 23.1.0.40440, update to version 23.1.0.40440 or later to resolve the issue.

Correção

Authentication Bypass by Spoofing

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-290

Identificadores relacionados

CVE-2023-6263

Produtos afetados

Network Optix Nxcloud

PT-2023-32580 · Network Optix · Network Optix Nxcloud

CVE-2023-6263

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4