CVE-2023-41926

{"id": "CVE-2023-41926", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cert@ncsc.nl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-07-02T08:15:04.773", "references": [{"url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273", "source": "cert@ncsc.nl"}, {"url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cert@ncsc.nl", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials."}, {"lang": "es", "value": "El servidor web utiliza autenticaci\u00f3n b\u00e1sica para que el usuario inicie sesi\u00f3n en la interfaz de configuraci\u00f3n. Como el cifrado est\u00e1 deshabilitado en el puerto 80, permite posibles escuchas en el tr\u00e1fico de los usuarios, lo que hace posible interceptar sus credenciales."}], "lastModified": "2024-11-21T08:21:56.017", "sourceIdentifier": "cert@ncsc.nl"}