CVE-2023-36483

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-36483

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

uthorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.

References
Link Resource
https://www.corporate.carrier.com/product-security/advisories-resources/ Not Applicable Vendor Advisory
https://www.corporate.carrier.com/product-security/advisories-resources/ Not Applicable Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:honeywell:masmobile_asp.net_services:*:*:*:*:*:*:*:*
cpe:2.3:a:honeywell:masmobile_classic:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:honeywell:masmobile_classic:*:*:*:*:*:android:*:*
History

25 Feb 2026, 17:22

Type Values Removed Values Added
Summary (en) Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history. (en) Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android  version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data  including customer data, security system status, and event history.
References () https://www.corporate.carrier.com/product-security/advisories-resources/ - Vendor Advisory, Not Applicable () https://www.corporate.carrier.com/product-security/advisories-resources/ - Not Applicable, Vendor Advisory

18 Feb 2026, 14:26

Type Values Removed Values Added
References () https://www.corporate.carrier.com/product-security/advisories-resources/ - () https://www.corporate.carrier.com/product-security/advisories-resources/ - Vendor Advisory, Not Applicable
First Time Honeywell masmobile Asp.net Services
Honeywell
Honeywell masmobile Classic
CPE cpe:2.3:a:honeywell:masmobile_classic:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:honeywell:masmobile_classic:*:*:*:*:*:android:*:*
cpe:2.3:a:honeywell:masmobile_asp.net_services:*:*:*:*:*:*:*:*

21 Nov 2024, 08:09

Type Values Removed Values Added
References () https://www.corporate.carrier.com/product-security/advisories-resources/ - () https://www.corporate.carrier.com/product-security/advisories-resources/ -
Information

Published : 2024-03-16 05:15

Updated : 2026-02-25 17:22

NVD link : CVE-2023-36483

Mitre link : CVE-2023-36483

CVE.ORG link : CVE-2023-36483

JSON object : View

Products Affected

honeywell

CWE
CWE-639

Authorization Bypass Through User-Controlled Key