CVE-2023-3243 Vulnerability Details

CVE-2023-3243 Metadata Quick Info

CVE Published: 28/06/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Honeywell | Vendor: Alerton | Product: BCM-WEB
Status: PUBLISHED

CVE-2023-3243 Description

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. 

Metrics

CVSS Version: 3.1 | Base Score: 8.3 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Exploitability Metrics:
    Attack Vector (AV): ADJACENT_NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-290
CWE Name: CWE-290 Authentication Bypass by Spoofing
Source: Alerton

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-233
CAPEC Description: CAPEC-233 Privilege Escalation