CVE-2023-24476

CVSS v3 1.8 LOW

1.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.3 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

References

Link	Resource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Third Party Advisory US Government Resource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:47

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~3.3~~	v2 : unknown v3 : 1.8
References	~~() https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 - Broken Link~~	() https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 - Broken Link

Information

Published : 2023-06-07 22:15

Updated : 2024-11-21 07:47

NVD link : CVE-2023-24476

Mitre link : CVE-2023-24476

CVE.ORG link : CVE-2023-24476

JSON object : View

Products Affected

vuforia_studio

CWE

CWE-285

Improper Authorization

NVD-CWE-noinfo

{"id": "CVE-2023-24476", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-06-07T22:15:09.553", "references": [{"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nAn attacker with local access to the machine could record the traffic, \nwhich could allow them to resend requests without the server \nauthenticating that the user or session are valid.\n\n"}], "lastModified": "2024-11-21T07:47:56.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0401ACC-907D-43E1-9CAE-FC94DC02C9F7", "versionEndExcluding": "9.9"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}