CVE-2023-41920

{"id": "CVE-2023-41920", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cert@ncsc.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-07-02T08:15:03.950", "references": [{"url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273", "source": "cert@ncsc.nl"}, {"url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cert@ncsc.nl", "description": [{"lang": "en", "value": "CWE-305"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in."}, {"lang": "es", "value": "La vulnerabilidad permite a los atacantes acceder a la cuenta ra\u00edz sin tener que autenticarse. Espec\u00edficamente, si el dispositivo est\u00e1 configurado con la direcci\u00f3n IP 10.10.10.10, el usuario root inicia sesi\u00f3n autom\u00e1ticamente."}], "lastModified": "2024-11-21T08:21:55.490", "sourceIdentifier": "cert@ncsc.nl"}