PT-2024-13146 · Aten · Aten Pe6208

Published 2024-05-28 · Updated 2024-08-20 · CVE-2023-43848

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Aten PE6208 versions 2.3.228 through 2.4.232

Description

The issue concerns incorrect access control in the firewall management function of the web interface, allowing remote authenticated users to alter local firewall settings as if they were the administrator. This is achieved via an HTTP POST request.

Recommendations

For versions 2.3.228 through 2.4.232, consider restricting access to the firewall management function in the web interface until a patch is available. As a temporary workaround, avoid using the HTTP POST request to alter local firewall settings. Restrict access to the web interface to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2023-43848

Affected Products

Aten Pe6208