PT-2024-13141 · Aten · Aten Pe6208

Published: 2024-05-28 · Updated: 2024-11-18 · CVE-2023-43843

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Aten PE6208 versions 2.3.228 through 2.4.232

Description

The issue is related to incorrect access control in the account management function of the web interface, allowing remote authenticated users to read user and administrator account passwords via an HTTP GET request.

Recommendations

For versions 2.3.228 through 2.4.232, consider restricting access to the account management function until a fix is available. As a temporary workaround, avoid using the HTTP GET request to access user and administrator account passwords. Restrict access to the web interface to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2023-43843

Affected Products

Aten Pe6208