CVE-2023-33274

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jul 12, 2023

Updated: Jul 25, 2023

CWE ID 287

Summary

CVE-2023-33274 is a vulnerability affecting PowerShield SNMP Web Pro 1.1, where the authentication mechanism fails to verify cookies, enabling unauthenticated users to gain access to Common Gateway Interface (CGI) scripts. This issue arises due to the absence of HTTP Digest authentication and affects all installations of SNMP Web Pro 1.1, regardless of the web interface password. The consequence is unauthorized access to CGI scripts, potentially leading to serious security implications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

VOLTRONIC POWER TECHNOLOGY CORP.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r-HFQI
https://www.cve.org/CVERecord?id=CVE-2023-33274
https://nvd.nist.gov/vuln/detail/CVE-2023-33274

Back to Vulnerability Database

CVE-2023-33274

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations