CVE-2023-6929

Published: Dec 19, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.

Affected (2)

Products: Eurotel: Etl3100 Firmware

1 product

Etl3100 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Eurotel Etl3100 Firmware	Version 01c01
Eurotel Etl3100 Firmware	Version 01x37

Running on/with	Platform Versions
Eurotel Etl3100	All versions

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.