CVE-2023-40236

Published: Dec 25, 2023Modified: Apr 23, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.

Affected (1)

Products: Pexip: Virtual Meeting Rooms

Pexip

1 product

Virtual Meeting Rooms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pexip Virtual Meeting Rooms	Before 3.0

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://docs.pexip.com/admin/security_bulletins.htm

Source: cve@mitre.org

Vendor Advisory

https://docs.pexip.com/admin/security_bulletins.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.