CVE-2023-53908

Name of the Vulnerable Software and Affected Versions HiSecOS version 04.0.01

Description The software contains a flaw that allows authenticated users to change their access level. This is possible through specially crafted XML payloads sent to the /mops data API endpoint using NETCONF configuration. By manipulating the role value within the XML, attackers can elevate their privileges to an administrative level.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /mops data API endpoint to minimize the risk of exploitation.