CVE-2023-29446

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Jan 10, 2024

Updated: Jan 19, 2024

CWE ID 20

Summary

CVE-2023-29446 is a newly identified input validation vulnerability. Malicious project files containing UNC paths can be injected, leading to NLTMv2 hash capture. An adversary can exploit this weakness to crack these hashes offline, potentially gaining unauthorized access to sensitive data. This vulnerability underscores the importance of validating and sanitizing user inputs to prevent such attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PTC Kepware KEPServerEX

Affected Vendors

PTC Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/shJwyN
https://www.cve.org/CVERecord?id=CVE-2023-29446
https://nvd.nist.gov/vuln/detail/CVE-2023-29446

Back to Vulnerability Database