CVE-2023-37857 Vulnerability Details

  /     /     /  

CVE-2023-37857 Metadata Quick Info

CVE Published: 09/08/2023 | CVE Updated: 08/10/2024 | CVE Year: 2023
Source: CERTVDE | Vendor: PHOENIX CONTACT | Product: WP 6070-WVPS
Status : PUBLISHED

---

CVE-2023-37857 Description

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.

Metrics

CVSS Version: 3.1 | Base Score: 3.8 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-798
CWE Name: CWE-798 Use of Hard-coded Credentials
Source: PHOENIX CONTACT

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).