Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5968 vulnerabilities reference this CWE, most recent first.

CVE-2023-3337 (GCVE-0-2023-3337)

Vulnerability from cvelistv5 – Published: 2023-06-20 12:00 – Updated: 2024-08-02 06:55
VLAI
Title
PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php improper authentication
Summary
A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.
CWE
  • CWE-287 - Improper Authentication
Assigner
References
URL Tags
https://vuldb.com/?id.232009 vdb-entrytechnical-description
https://vuldb.com/?ctiid.232009 signature
Impacted products
Credits
kr1shna4garwal (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:55:03.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.232009"
          },
          {
            "tags": [
              "signature",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.232009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Admin Registration"
          ],
          "product": "Online Shopping System Advanced",
          "vendor": "PuneethReddyHC",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "kr1shna4garwal (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "In PuneethReddyHC Online Shopping System Advanced 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /admin/reg.php der Komponente Admin Registration. Durch Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-23T13:35:38.691Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.232009"
        },
        {
          "tags": [
            "signature"
          ],
          "url": "https://vuldb.com/?ctiid.232009"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-06-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-06-20T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-06-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-07-16T08:13:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php improper authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-3337",
    "datePublished": "2023-06-20T12:00:04.541Z",
    "dateReserved": "2023-06-20T11:43:22.300Z",
    "dateUpdated": "2024-08-02T06:55:03.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3127 (GCVE-0-2023-3127)

Vulnerability from cvelistv5 – Published: 2023-07-11 21:06 – Updated: 2024-10-22 20:31
VLAI
Title
Improper Authentication in iSTAR
Summary
An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
jci
Date Public
2023-07-11 21:03
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:48:07.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:30:47.341803Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:31:09.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "iSTAR Ultra",
          "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
          "versions": [
            {
              "lessThan": "6.9.2 CU01",
              "status": "affected",
              "version": "\u003e6.8.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iSTAR Ultra LT",
          "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
          "versions": [
            {
              "lessThan": "6.9.2 CU01",
              "status": "affected",
              "version": "\u003e6.8.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iSTAR Ultra G2",
          "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
          "versions": [
            {
              "lessThan": "6.9.2 CU01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iSTAR Edge G2",
          "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
          "versions": [
            {
              "lessThan": "6.9.2 CU01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-07-11T21:03:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights."
            }
          ],
          "value": "An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T21:06:29.003Z",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Upgrade iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 firmware to version 6.9.2 CU01.\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper Authentication in iSTAR",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2023-3127",
    "datePublished": "2023-07-11T21:06:29.003Z",
    "dateReserved": "2023-06-06T14:51:53.713Z",
    "dateUpdated": "2024-10-22T20:31:09.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3065 (GCVE-0-2023-3065)

Vulnerability from cvelistv5 – Published: 2023-06-05 08:27 – Updated: 2025-01-08 17:21
VLAI
Title
Mobatime mobile application - Authentication bypass
Summary
Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
Mobatime Mobatime mobile application AMXGT100 Affected: 0 , ≤ 1.3.20 (custom)
Create a notification for this product.
Credits
testeurdestylos
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:04.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3065",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-08T17:20:55.336431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T17:21:15.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "API"
          ],
          "packageName": "com.Mobatime.AMXGT100",
          "product": "Mobatime mobile application AMXGT100",
          "vendor": "Mobatime",
          "versions": [
            {
              "lessThanOrEqual": "1.3.20",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "testeurdestylos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.\u003cp\u003eThis issue affects Mobatime mobile application AMXGT100 through 1.3.20.\u003c/p\u003e"
            }
          ],
          "value": "Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-05T08:27:33.950Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://borelenzo.github.io/stuff/2023/06/02/cve-2023-3064_65_66.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mobatime mobile application - Authentication bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2023-3065",
    "datePublished": "2023-06-05T08:27:33.950Z",
    "dateReserved": "2023-06-02T14:24:18.278Z",
    "dateUpdated": "2025-01-08T17:21:15.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-3028 (GCVE-0-2023-3028)

Vulnerability from cvelistv5 – Published: 2023-06-01 05:34 – Updated: 2025-01-10 18:45
VLAI
Title
Improper backend communication allows access and manipulation of the telemetry data
Summary
Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: - The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. - The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. - The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location. - The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend. The confirmed version is 201808021036, however further versions have been also identified as potentially impacted.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
  • CWE-345 - Insufficient Verification of Data Authenticity
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Credits
Yashin Mehaboobe Ramiro Pareja Veredas
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:04.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://asrg.io/security-advisories/cve-2023-3028/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T18:45:36.516930Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T18:45:46.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "HQT401",
          "vendor": "Hangzhou Hopechart IoT Technology Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "201808021036"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Yashin Mehaboobe"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ramiro Pareja Veredas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eInsufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eMultiple vulnerabilities were identified:\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e- The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e- The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e- The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle\u0027s location.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e- The backend can inject data into a vehicle\u00b4s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend.\u003c/div\u003e\u003cbr\u003eThe confirmed version is\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e201808021036, however further versions have been also identified as potentially impacted.\u003c/span\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.\n\n\n\n\n\n\n\n\nMultiple vulnerabilities were identified:\n\n\n\n- The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.\n\n\n\n- The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.\n\n\n\n- The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle\u0027s location.\n\n\n\n- The backend can inject data into a vehicle\u00b4s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend.\n\n\nThe confirmed version is\u00a0201808021036, however further versions have been also identified as potentially impacted.\n\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-194",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-194 Fake the Source of Data"
            }
          ]
        },
        {
          "capecId": "CAPEC-383",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-383 Harvesting Information via API Event Monitoring"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345 Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-28T05:47:34.600Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "url": "https://asrg.io/security-advisories/cve-2023-3028/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper backend communication allows access and manipulation of the telemetry data",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2023-3028",
    "datePublished": "2023-06-01T05:34:48.206Z",
    "dateReserved": "2023-06-01T05:09:18.844Z",
    "dateUpdated": "2025-01-10T18:45:46.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2706 (GCVE-0-2023-2706)

Vulnerability from cvelistv5 – Published: 2023-05-17 01:58 – Updated: 2026-04-08 17:16
VLAI
Title
OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation
Summary
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
xootix OTP Login & Register Woocommerce Affected: 0 , ≤ 2.2 (semver)
Create a notification for this product.
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:33:04.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1b7b653-496f-467a-9513-4be1891f38ae?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/mobile-login-woocommerce/tags/2.2/includes/class-xoo-ml-verification.php#L362"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2912731%40mobile-login-woocommerce\u0026new=2912731%40mobile-login-woocommerce\u0026sfp_email=\u0026sfph_mail="
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lana.codes/lanavdb/87b5e80e-fd5b-47c3-bf82-088bdf4573b5/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2706",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-13T16:19:34.330309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-13T16:49:33.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OTP Login \u0026 Register Woocommerce",
          "vendor": "xootix",
          "versions": [
            {
              "lessThanOrEqual": "2.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The OTP Login Woocommerce \u0026 Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:16:17.788Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1b7b653-496f-467a-9513-4be1891f38ae?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/mobile-login-woocommerce/tags/2.2/includes/class-xoo-ml-verification.php#L362"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2912731%40mobile-login-woocommerce\u0026new=2912731%40mobile-login-woocommerce\u0026sfp_email=\u0026sfph_mail="
        },
        {
          "url": "https://lana.codes/lanavdb/87b5e80e-fd5b-47c3-bf82-088bdf4573b5/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-14T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2023-05-15T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2023-05-16T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "OTP Login Woocommerce \u0026 Gravity Forms \u003c= 2.2 - Authentication Bypass to Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2023-2706",
    "datePublished": "2023-05-17T01:58:49.447Z",
    "dateReserved": "2023-05-15T12:23:20.740Z",
    "dateUpdated": "2026-04-08T17:16:17.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-2638 (GCVE-0-2023-2638)

Vulnerability from cvelistv5 – Published: 2023-06-13 20:25 – Updated: 2025-01-02 20:45
VLAI
Title
Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
Summary
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.   Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.  This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Credits
Sharon Brizinov of Claroty Research - Team82
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-02T20:45:37.679849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-02T20:45:55.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FactoryTalk System Services",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 6.20"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Sharon Brizinov of Claroty Research - Team82"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation\u0027s FactoryTalk System Services does not verify that a backup configuration archive is password protected.\n\n\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.\u0026nbsp; This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.\u003c/span\u003e\u003cbr\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "\nRockwell Automation\u0027s FactoryTalk System Services does not verify that a backup configuration archive is password protected.\n\n\u00a0\n\nImproper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.\u00a0 This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-13T20:25:03.375Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible.\u003c/span\u003e\u003cul\u003e\u003cli\u003eUpgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113\u0026amp;versions=61050,59723\"\u003e6.30.00\u003c/a\u003e\u0026nbsp;or later which has been patched to mitigate these issues.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible.  *  Upgrade to  6.30.00 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0or later which has been patched to mitigate these issues.\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2023-2638",
    "datePublished": "2023-06-13T20:25:03.375Z",
    "dateReserved": "2023-05-10T20:31:39.989Z",
    "dateUpdated": "2025-01-02T20:45:55.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2626 (GCVE-0-2023-2626)

Vulnerability from cvelistv5 – Published: 2023-07-25 17:07 – Updated: 2024-08-02 06:26
VLAI
Title
Authentication Bypass in OpenThread Boarder Router devices
Summary
There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Effected devices have been mitigated through an automatic update beyond the affected range.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
Google Nest Hub Max Affected: 10.20221207.2.109 , < 10.20221207.2.120 (custom)
Create a notification for this product.
Google Nest Hub (2nd. gen) w/ Sleep Tracking Affected: 10.20221207.2.100038 , < 10.20221207.2.100042 (custom)
Create a notification for this product.
Google Nest Wifi 6E Affected: 1.59 , < 1.63.355999 (custom)
Create a notification for this product.
Google Google Wifi (next gen) Affected: 14150.881.7 , < 14150.882.9 (custom)
Create a notification for this product.
Google Nest Wifi Point Affected: 1.56.1 , < 1.56.368671 (custom)
Create a notification for this product.
google nest_hub Affected: 10.20221207.2.100038 , < 10.20221207.2.100042 (custom)
    cpe:2.3:h:google:nest_hub:-:*:*:*:*:*:*:*
Create a notification for this product.
google nest_wifi_6e Affected: 1.59 , < 1.63.355999 (custom)
    cpe:2.3:h:google:nest_wifi_6e:-:*:*:*:*:*:*:*
Create a notification for this product.
google wifi Affected: 14150.881.7 , < 14150.882.9 (custom)
    cpe:2.3:h:google:wifi:-:*:*:*:*:*:*:*
Create a notification for this product.
google nest_wifi_point Affected: 1.56.1 , < 1.56.368671 (custom)
    cpe:2.3:h:google:nest_wifi_point:-:*:*:*:*:*:*:*
Create a notification for this product.
google nest_hub_max Affected: 10.20221207.2.109 , < 10.20221207.2.120 (custom)
    cpe:2.3:h:google:nest_hub_max:-:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Valentin Leon
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:google:nest_hub:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nest_hub",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "10.20221207.2.100042",
                "status": "affected",
                "version": "10.20221207.2.100038",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:google:nest_wifi_6e:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nest_wifi_6e",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "1.63.355999",
                "status": "affected",
                "version": "1.59",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:google:wifi:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wifi",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "14150.882.9",
                "status": "affected",
                "version": "14150.881.7",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:google:nest_wifi_point:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nest_wifi_point",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "1.56.368671",
                "status": "affected",
                "version": "1.56.1",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:google:nest_hub_max:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nest_hub_max",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "10.20221207.2.120",
                "status": "affected",
                "version": "10.20221207.2.109",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2626",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T13:12:27.308613Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:16:51.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.google.com/product-documentation/answer/13588832?hl=en\u0026ref_topic=12974021\u0026sjid=7833436865896465963-NA#zippy=%2Cnest-wifi"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nest Hub Max",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "10.20221207.2.120",
              "status": "affected",
              "version": "10.20221207.2.109",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Nest Hub (2nd. gen) w/ Sleep Tracking",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "10.20221207.2.100042",
              "status": "affected",
              "version": "10.20221207.2.100038",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Nest Wifi 6E",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "1.63.355999",
              "status": "affected",
              "version": "1.59",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Google Wifi (next gen)",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "14150.882.9",
              "status": "affected",
              "version": "14150.881.7",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Nest Wifi Point",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "1.56.368671",
              "status": "affected",
              "version": "1.56.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Nest Hub Max",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "10.20221207.2.120",
              "status": "affected",
              "version": "10.20221207.2.109",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Nest Hub (2nd. gen) w/ Sleep Tracking",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "10.20221207.2.100042",
              "status": "affected",
              "version": "10.20221207.2.100038",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Valentin Leon"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003eThere exists an authentication bypass vulnerability in OpenThread border router devices and implementations.\u0026nbsp;This issue allows unauthenticated nodes to craft radio frames using \u201cKey ID Mode 2\u201d: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network.\u003cbr\u003e This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router\u2019s NAT firewall. Effected devices have been mitigated through an automatic update beyond the affected range.\u003cbr\u003e\u003c/h3\u003e"
            }
          ],
          "value": "There exists an authentication bypass vulnerability in OpenThread border router devices and implementations.\u00a0This issue allows unauthenticated nodes to craft radio frames using \u201cKey ID Mode 2\u201d: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network.\n This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router\u2019s NAT firewall. Effected devices have been mitigated through an automatic update beyond the affected range."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T03:42:27.328Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://support.google.com/product-documentation/answer/13588832?hl=en\u0026ref_topic=12974021\u0026sjid=7833436865896465963-NA#zippy=%2Cnest-wifi"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass in OpenThread Boarder Router devices",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-2626",
    "datePublished": "2023-07-25T17:07:02.960Z",
    "dateReserved": "2023-05-10T11:35:38.314Z",
    "dateUpdated": "2024-08-02T06:26:09.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2586 (GCVE-0-2023-2586)

Vulnerability from cvelistv5 – Published: 2023-05-22 15:05 – Updated: 2025-01-16 21:34
VLAI
Summary
Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Teltonika Remote Management System Affected: 0 , < 4.14.0 (custom)
Create a notification for this product.
Date Public
2023-05-11 18:00
Credits
Roni Gavrilov OTORIO
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:26:09.736Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2586",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T20:30:37.767379Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:34:46.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Remote Management System",
          "vendor": "Teltonika",
          "versions": [
            {
              "lessThan": "4.14.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Roni Gavrilov"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "OTORIO"
        }
      ],
      "datePublic": "2023-05-11T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTeltonika\u2019s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the \"RMS management feature\" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user\u0027s devices, including remote code execution with \u0027root\u0027 privileges (using the \u0027Task Manager\u0027 feature on RMS).\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nTeltonika\u2019s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the \"RMS management feature\" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user\u0027s devices, including remote code execution with \u0027root\u0027 privileges (using the \u0027Task Manager\u0027 feature on RMS).\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T15:05:15.519Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-2586",
    "datePublished": "2023-05-22T15:05:15.519Z",
    "dateReserved": "2023-05-08T22:09:41.566Z",
    "dateUpdated": "2025-01-16T21:34:46.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2283 (GCVE-0-2023-2283)

Vulnerability from cvelistv5 – Published: 2023-05-26 00:00 – Updated: 2025-11-03 20:35
VLAI
Summary
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a libssh Affected: libssh-2
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:35:18.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-2283"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.libssh.org/security/advisories/CVE-2023-2283.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189736"
          },
          {
            "name": "FEDORA-2023-5fa5ca2043",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html"
          },
          {
            "name": "GLSA-202312-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202312-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240201-0005/"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Feb/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libssh",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libssh-2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-01T17:06:59.699Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://access.redhat.com/security/cve/CVE-2023-2283"
        },
        {
          "url": "https://www.libssh.org/security/advisories/CVE-2023-2283.txt"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189736"
        },
        {
          "name": "FEDORA-2023-5fa5ca2043",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/"
        },
        {
          "url": "http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html"
        },
        {
          "name": "GLSA-202312-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202312-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240201-0005/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-2283",
    "datePublished": "2023-05-26T00:00:00.000Z",
    "dateReserved": "2023-04-25T00:00:00.000Z",
    "dateUpdated": "2025-11-03T20:35:18.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-2024 (GCVE-0-2023-2024)

Vulnerability from cvelistv5 – Published: 2023-05-18 20:45 – Updated: 2025-02-12 16:27
VLAI
Title
Improper Authentication for OpenBlue Enterprise Manager Data Collector
Summary
Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
jci
Impacted products
Date Public
2023-05-18 20:41
Credits
Rushank Shetty, Security Researcher at Northwestern Mutual
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:12:19.681Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2024",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T20:09:01.151668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T16:27:08.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenBlue Enterprise Manager Data Collector",
          "vendor": "Johnson Controls",
          "versions": [
            {
              "lessThan": "3.2.5.75",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": " Rushank Shetty, Security Researcher at Northwestern Mutual"
        }
      ],
      "datePublic": "2023-05-18T20:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances."
            }
          ],
          "value": "Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-18T20:45:01.376Z",
        "orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
        "shortName": "jci"
      },
      "references": [
        {
          "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-138-04"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update all OpenBlue Enterprise Manager Data Collector firmware to version 3.2.5.75."
            }
          ],
          "value": "Update all OpenBlue Enterprise Manager Data Collector firmware to version 3.2.5.75."
        },
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contact your Customer Success Manager to obtain the update.\u003cbr\u003e"
            }
          ],
          "value": "Contact your Customer Success Manager to obtain the update.\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper Authentication for OpenBlue Enterprise Manager Data Collector",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
    "assignerShortName": "jci",
    "cveId": "CVE-2023-2024",
    "datePublished": "2023-05-18T20:45:01.376Z",
    "dateReserved": "2023-04-13T15:11:18.916Z",
    "dateUpdated": "2025-02-12T16:27:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.