CVE-2023-3243

{"id": "CVE-2023-3243", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "[email protected]"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-06-28T21:15:10.310", "references": [{"url": "https://www.honeywell.com/us/en/product-security", "tags": ["Not Applicable"], "source": "[email protected]"}, {"url": "https://www.honeywell.com/us/en/product-security", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-290"}, {"lang": "en", "value": "CWE-326"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\n** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash\nand utilize it to create new sessions. The hash is also a poorly salted MD5\nhash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X.\u00a0Recommended fix: Upgrade to a supported product such\nas Alerton\nACM.] Out of an abundance of caution, this CVE ID is being assigned to \nbetter serve our customers and ensure all who are still running this product understand \nthat the product is end of life and should be removed or upgraded.\u00a0\n\n"}], "lastModified": "2024-11-21T08:16:47.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:alerton_bcm-web_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBA40E5-B39F-4951-B5CC-0FBD2C1AF827"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:alerton_bcm-web:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0859F55-5F78-4C5E-B01E-8E84B7D34E45"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}