CVE-2023-0352

Published: Mar 13, 2023Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default.

Affected (1)

Products: Akuvox: E11 Firmware

Akuvox

1 product

E11 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Akuvox E11 Firmware	All versions

Running on/with	Platform Versions
Akuvox E11	All versions

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.