CVE-2023-48428

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 78

Summary

CVE-2023-48428 is a vulnerability affecting all versions of SINEC INS (Intelligent Network Security) prior to V1.0 SP2 Update 2. This issue lies in the radius configuration mechanism, which fails to adequately verify uploaded certificates. A malicious administrator can exploit this flaw by uploading a specially crafted certificate, leading to a denial-of-service condition or even gaining system-level command execution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Siemens AG

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s1iD7D
https://www.cve.org/CVERecord?id=CVE-2023-48428
https://nvd.nist.gov/vuln/detail/CVE-2023-48428

Back to Vulnerability Database

CVE-2023-48428

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations