PT-2024-13140 · Aten · Aten Pe6208
Published
2024-05-28
·
Updated
2024-11-15
·
CVE-2023-43842
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Aten PE6208 versions 2.3.228 through 2.4.232
Description
The issue concerns incorrect access control in the account management function of the web interface, allowing remote authenticated users to alter user and administrator account credentials via an HTTP POST request.
Recommendations
For versions 2.3.228 through 2.4.232, as a temporary workaround, consider restricting access to the account management function in the web interface until a patch is available. Restrict access to the vulnerable account management module to minimize the risk of exploitation. Avoid using the HTTP POST request to alter user and administrator account credentials in the affected API endpoint until the issue is resolved.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aten Pe6208