PT-2023-23219 · Snap One · Ovrc Pro
Uri Katz
·
Published
2023-05-22
·
Updated
2023-05-30
·
CVE-2023-31193
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Snap One OvrC Pro versions prior to 7.3
Description
The issue concerns the use of HTTP connections instead of HTTPS when downloading programs from servers, making devices susceptible to exploitation.
Recommendations
For versions prior to 7.3, consider configuring the system to use HTTPS connections for downloading programs from servers as a mitigation measure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ovrc Pro