CVE-2023-41919

Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273	Third Party Advisory
https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:kiloview:p2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kiloview:p2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:kiloview:p1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kiloview:p1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:21

Type	Values Removed	Values Added
References	~~() https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 - Third Party Advisory~~	() https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 - Third Party Advisory

22 Aug 2024, 13:44

Type	Values Removed	Values Added
References	~~() https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 -~~	() https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 - Third Party Advisory
CPE		cpe:2.3:o:kiloview:p2_firmware:::::::: cpe:2.3:o:kiloview:p1_firmware:::::::: cpe:2.3:h:kiloview:p2:-:::::::* cpe:2.3:h:kiloview:p1:-:::::::*
First Time		Kiloview p1 Firmware Kiloview p1 Kiloview Kiloview p2 Kiloview p2 Firmware

02 Jul 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) Las credenciales codificadas se descubren dentro del código fuente de la aplicación, lo que crea un riesgo potencial de seguridad para el acceso no autorizado.

02 Jul 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-02 08:15

Updated : 2024-11-21 08:21

NVD link : CVE-2023-41919

Mitre link : CVE-2023-41919

CVE.ORG link : CVE-2023-41919

JSON object : View

Products Affected

kiloview

p2
p1_firmware
p2_firmware
p1

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2023-41919", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cert@ncsc.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-02T08:15:03.680", "references": [{"url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273", "tags": ["Third Party Advisory"], "source": "cert@ncsc.nl"}, {"url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cert@ncsc.nl", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access."}, {"lang": "es", "value": "Las credenciales codificadas se descubren dentro del c\u00f3digo fuente de la aplicaci\u00f3n, lo que crea un riesgo potencial de seguridad para el acceso no autorizado."}], "lastModified": "2024-11-21T08:21:55.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:kiloview:p2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "981702C0-11D2-4F9B-AF7F-E55C5B5F07E8", "versionEndIncluding": "4.8.2605"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:kiloview:p2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FAD8304E-A310-4C8F-AA4B-4CE20F3F1943"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:kiloview:p1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93E280EE-9B00-428B-A8FF-CC03D5A6EC69", "versionEndIncluding": "4.8.2605"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:kiloview:p1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC15AF27-4AFD-4D51-B842-651BEE81E7C2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cert@ncsc.nl"}