[Update 22/11/2023] Incorrect input data validation in Lanaccess ONSAFE MonitorHM Web Console
Posted date 08/11/2023
Importance
4 - High
Affected Resources
Lanaccess ONSAFE MonitorHM, version 3.7.0.
Description
INCIBE has coordinated the publication of 1 vulnerabilitiy that affects Lanaccess ONSAFE MonitorHM 3.7.0, which have been discovered by Petar Alexandrov Nikolov.
This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-6012: CVSS v3.1: 8.3 | CVSS: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | CWE-20.
Solution
[Update 22/11/2023] The vulnerability has been fixed in version 4.1.3 (2021 and later). The equipment allows a system administrator user in local mode to configure the system in protected mode, being able to disable access to commands completely.
Detail
- CVE-2023-6012: an improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure.
References list
Etiquetas