Arconte Aurea, versions below 18.104.22.168
INCIBE has coordinated the publication of 5 vulnerabilities that affect Fujitsu Arconte Áurea, a software for recording court hearings, which have been discovered by Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV.
These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector string and the CWE vulnerability type of each vulnerability:
- CVE-2023-4092: CVSS v3.1: 8,8 | CVSS: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | CWE-89.
- CVE-2023-4093: CVSS v3.1: 5,5 | CVSS: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | CWE-79.
- CVE-2023-4094: CVSS v3.1: 6,5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L | CWE-1390.
- CVE-2023-4095: CVSS v3.1: 5,3 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | CWE-204.
- CVE-2023-4096: CVSS v3.1: 8,6 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | CWE-604.
This vulnerabilities have been fixed by Fujitsu in version 22.214.171.124, released on 4/4/2022. All new versions of the product, including the latest 126.96.36.199, also include the fixes.
- CVE-2023-4092: SQL injection vulnerability, the exploitation of which could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.
- CVE-2023-4094: ARCONTE Aurea's authentication system could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.
- CVE-2023-4095: user enumeration vulnerability, which could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.
- CVE-2023-4096: the affected software has a weak password recovery mechanism, which could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.