CVE-2023-31923

Published: May 22, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system.

Affected (1)

Products: Supremainc: Biostar 2

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Supremainc Biostar 2	Before 2.9.1

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://nobugescapes.com/blog/creating-a-new-user-with-admin-privilege/

Source: cve@mitre.org

ExploitThird Party Advisory

https://nobugescapes.com/blog/creating-a-new-user-with-admin-privilege/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.