CVE-2023-33372 Vulnerability Details

  /     /     /  

CVE-2023-33372 Metadata Quick Info

CVE Published: 04/08/2023 | CVE Updated: 17/10/2024 | CVE Year: 2023
Source: mitre | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2023-33372 Description

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device\'s firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).