PT-2023-25889 · Galaxy Software Services · Galaxy Software Services Vitals Esp
Cyku
·
Published
2023-07-21
·
Updated
2024-10-14
·
CVE-2023-37291
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Galaxy Software Services Vitals ESP versions 3.0.8 through 6.2.0
Description
The issue is related to the use of a hard-coded encryption key in Galaxy Software Services Vitals ESP. An unauthenticated remote attacker can generate a valid
token parameter and exploit this to access the system, operate processes, and access data.Recommendations
For versions 3.0.8 through 6.2.0, consider disabling the use of the hard-coded encryption key as a temporary workaround until a patch is available. Restrict access to sensitive processes and data to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Galaxy Software Services Vitals Esp