[Update 22/11/2023] Incorrect input data validation in Lanaccess ONSAFE MonitorHM Web Console

Posted date 08/11/2023
Importance
4 - High
Affected Resources

Lanaccess ONSAFE MonitorHM, version 3.7.0.

Description

INCIBE has coordinated the publication of 1 vulnerabilitiy that affects Lanaccess ONSAFE MonitorHM 3.7.0, which have been discovered by Petar Alexandrov Nikolov.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-6012: CVSS v3.1: 8.3 | CVSS: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | CWE-20.
Solution
Detail
  • CVE-2023-6012: an improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure.
References list