PT-2023-17180 · Rapid7 · Rapid7 Nexpose
Casey Cooper
Published 2023-03-30 · Updated 2023-04-06
CVE-2023-1699
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rapid7 Nexpose versions 6.6.186 and below
Description
This is a forced-browsing issue: an attacker can manipulate URLs to browse directly to administrative pages, gaining unauthorized access to sensitive areas of the system.
Recommendations
For versions 6.6.186 and below, update to version 6.6.187 to resolve the issue. As a temporary workaround, consider restricting access to administrative pages until the update can be applied.
Affected Products
Rapid7 Nexpose