CVE-2023-3050
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: iletisim@usom.gov.tr (Secondary)
Description
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.
This issue affects Lockcell: before 15.
Affected (1)
Products: Tmtmakine: Lockcell Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 15.0 |
| Running on/with | Platform Versions |
|---|---|
Tmtmakine Lockcell | All versions |
Related CWEs
CWE-565
Reliance on Cookies without Validation and Integrity Checking
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
CWE-784
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
References (5)
Source: iletisim@usom.gov.tr
ExploitThird Party Advisory
Source: iletisim@usom.gov.tr
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.