CVE-2023-36647

Published: Dec 12, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

Affected (1)

Products: Prolion: Cryptospike

Prolion

1 product

Cryptospike

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prolion Cryptospike	Version 3.0.15 p2

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.