CVE-2023-46723

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 31, 2023

Updated: Nov 8, 2023

CWE ID 538

Summary

CVE-2023-46723 is a vulnerability affecting the lte-pic32-writer software used for programming PIC32 devices. In its versions prior to 0.0.1, the software is susceptible to unauthorized access of the sendto.txt file. This file, which can contain SNS (such as Slack and Zulip) URLs and API keys, poses a significant risk if accessed by attackers. At present, a patch to rectify this issue has not been released. Users can implement workarounds, such as avoiding the use of sendto.txt or blocking access to it through .htaccess.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tIwZgG
https://www.cve.org/CVERecord?id=CVE-2023-46723
https://nvd.nist.gov/vuln/detail/CVE-2023-46723

Back to Vulnerability Database

CVE-2023-46723

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations