PT-2024-13040 · Cybellum · Cybellum's QCOW Air-Gapped Distribution
Delikely · Published 2024-03-04 · Updated 2024-03-05 · CVE-2023-42419
CVSS v3.1: 3.8 (Low)
Vector: AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Cybellum's QCOW air-gapped distribution (China Edition) versions 2.15.5 through 2.27
Description
The issue concerns a hard-coded private cryptographic key in the Maintenance Server of Cybellum's QCOW air-gapped distribution (China Edition). An attacker with administrative privileges and access to the air-gapped server could potentially use this key to run commands on the server.
Recommendations
For versions 2.15.5 through 2.27, update to version 2.28 to resolve the issue. As a temporary workaround, consider restricting access to the Maintenance Server to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Cybellum's QCOW Air-Gapped Distribution