CVE-2023-4392

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 17, 2023

Updated: May 17, 2024

CWE ID 312

Summary

CVE-2023-4392 is a newly disclosed vulnerability affecting Control iD Gerencia Web 1.30. This issue lies within the Cookie Handler component, which is currently unidentified in functionality. The manipulation of this vulnerability results in the cleartext storage of sensitive data. The attack can be executed remotely, but the complexity and difficulty of exploitation are relatively high. Unfortunately, the exploit has been made public, increasing the risk of potential attacks. Vendor response has been lacking since early notification of this disclosure. (VDB-237380)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ASSA ABLOY AB

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sXlfYK
https://www.cve.org/CVERecord?id=CVE-2023-4392
https://nvd.nist.gov/vuln/detail/CVE-2023-4392

Back to Vulnerability Database

CVE-2023-4392

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations