CVE-2023-28727

Name of the Vulnerable Software and Affected Versions Panasonic AiSEG2 versions 2.00J through 2.93A

Description The issue allows adjacent attackers to bypass authentication due to mishandling of X-Forwarded-For headers. This can be exploited by attackers to gain unauthorized access.

Recommendations For Panasonic AiSEG2 versions 2.00J through 2.93A, consider restricting access to the API endpoint that handles the X-Forwarded-For headers until a patch is available. As a temporary workaround, disabling the handling of X-Forwarded-For headers may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.