CVE-2023-46294

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-46294
An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute.

3.4 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://Loudmouth.io
https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-46294
Configurations

No configuration.

History

04 Nov 2024, 17:35

Type Values Removed Values Added
CWE CWE-312
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 3.4

02 May 2024, 13:27

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en Teledyne FLIR M300 2.00-19. Las contraseñas de las cuentas de usuario se cifran localmente y se pueden descifrar en contraseñas de texto plano mediante la utilidad umSetup. Esta utilidad requiere permisos de root para ejecutarse.

01 May 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-01 20:15

Updated : 2024-11-04 17:35

NVD link : CVE-2023-46294

Mitre link : CVE-2023-46294

CVE.ORG link : CVE-2023-46294

JSON object : View

Products Affected

No product.

CWE
CWE-312

Cleartext Storage of Sensitive Information


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024