CVE-2023-33730

Published: May 31, 2023Modified: Jan 10, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.

Affected (1)

Products: Escanav: Escan Management Console

Escanav

1 product

Escan Management Console

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Escanav Escan Management Console	Version 14.0.1400.2281

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://github.com/sahiloj/CVE-2023-33730/blob/main/CVE-2023-33730.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/sahiloj/CVE-2023-33730/blob/main/CVE-2023-33730.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.