Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5966 vulnerabilities reference this CWE, most recent first.

CVE-2023-28540 (GCVE-0-2023-28540)

Vulnerability from cvelistv5 – Published: 2023-10-03 05:00 – Updated: 2025-02-27 20:47
VLAI
Title
Improper Authentication in Data Modem
Summary
Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 315 5G IoT Modem
Affected: AQT1000
Affected: AR8035
Affected: CSRA6620
Affected: CSRA6640
Affected: FastConnect 6200
Affected: FastConnect 6700
Affected: FastConnect 6800
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: QCA6391
Affected: QCA6420
Affected: QCA6421
Affected: QCA6426
Affected: QCA6430
Affected: QCA6431
Affected: QCA6436
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6595AU
Affected: QCA6696
Affected: QCA6698AQ
Affected: QCA8081
Affected: QCA8337
Affected: QCC710
Affected: QCM2290
Affected: QCM4290
Affected: QCM4325
Affected: QCM4490
Affected: QCM6125
Affected: QCM6490
Affected: QCM8550
Affected: QCN6024
Affected: QCN6224
Affected: QCN6274
Affected: QCN9024
Affected: QCS2290
Affected: QCS410
Affected: QCS4290
Affected: QCS4490
Affected: QCS610
Affected: QCS6125
Affected: QCS6490
Affected: QCS8550
Affected: QFW7114
Affected: QFW7124
Affected: Qualcomm 205 Mobile Platform
Affected: Qualcomm 215 Mobile Platform
Affected: Qualcomm Video Collaboration VC1 Platform
Affected: Qualcomm Video Collaboration VC3 Platform
Affected: SD 675
Affected: SD460
Affected: SD662
Affected: SD675
Affected: SD730
Affected: SD855
Affected: SD865 5G
Affected: SD888
Affected: SDX55
Affected: SDX57M
Affected: SG4150P
Affected: SG8275P
Affected: SM6250
Affected: SM6250P
Affected: SM7250P
Affected: SM7315
Affected: SM7325P
Affected: SM8550P
Affected: Smart Audio 400 Platform
Affected: Snapdragon 210 Processor
Affected: Snapdragon 212 Mobile Platform
Affected: Snapdragon 4 Gen 1 Mobile Platform
Affected: Snapdragon 4 Gen 2 Mobile Platform
Affected: Snapdragon 439 Mobile Platform
Affected: Snapdragon 460 Mobile Platform
Affected: Snapdragon 480 5G Mobile Platform
Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC)
Affected: Snapdragon 662 Mobile Platform
Affected: Snapdragon 665 Mobile Platform
Affected: Snapdragon 675 Mobile Platform
Affected: Snapdragon 678 Mobile Platform (SM6150-AC)
Affected: Snapdragon 680 4G Mobile Platform
Affected: Snapdragon 685 4G Mobile Platform (SM6225-AD)
Affected: Snapdragon 690 5G Mobile Platform
Affected: Snapdragon 695 5G Mobile Platform
Affected: Snapdragon 720G Mobile Platform
Affected: Snapdragon 730 Mobile Platform (SM7150-AA)
Affected: Snapdragon 730G Mobile Platform (SM7150-AB)
Affected: Snapdragon 732G Mobile Platform (SM7150-AC)
Affected: Snapdragon 750G 5G Mobile Platform
Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA)
Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Affected: Snapdragon 778G 5G Mobile Platform
Affected: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)
Affected: Snapdragon 780G 5G Mobile Platform
Affected: Snapdragon 782G Mobile Platform (SM7325-AF)
Affected: Snapdragon 7c Compute Platform (SC7180-AC)
Affected: Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) "Rennell Pro"
Affected: Snapdragon 7c+ Gen 3 Compute
Affected: Snapdragon 8 Gen 1 Mobile Platform
Affected: Snapdragon 8 Gen 2 Mobile Platform
Affected: Snapdragon 8+ Gen 1 Mobile Platform
Affected: Snapdragon 8+ Gen 2 Mobile Platform
Affected: Snapdragon 855 Mobile Platform
Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Affected: Snapdragon 865 5G Mobile Platform
Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC)
Affected: Snapdragon 888 5G Mobile Platform
Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC)
Affected: Snapdragon Auto 5G Modem-RF
Affected: Snapdragon W5+ Gen 1 Wearable Platform
Affected: Snapdragon X50 5G Modem-RF System
Affected: Snapdragon X55 5G Modem-RF System
Affected: Snapdragon X65 5G Modem-RF System
Affected: Snapdragon X70 Modem-RF System
Affected: Snapdragon X75 5G Modem-RF System
Affected: Snapdragon XR2 5G Platform
Affected: SW5100
Affected: SW5100P
Affected: SXR2130
Affected: WCD9326
Affected: WCD9335
Affected: WCD9340
Affected: WCD9341
Affected: WCD9360
Affected: WCD9370
Affected: WCD9371
Affected: WCD9375
Affected: WCD9380
Affected: WCD9385
Affected: WCD9390
Affected: WCD9395
Affected: WCN3610
Affected: WCN3615
Affected: WCN3660B
Affected: WCN3680B
Affected: WCN3910
Affected: WCN3950
Affected: WCN3980
Affected: WCN3988
Affected: WCN3990
Affected: WCN6740
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8832
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:22.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T21:50:49.956960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-27T20:47:44.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "315 5G IoT Modem"
            },
            {
              "status": "affected",
              "version": "AQT1000"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "CSRA6620"
            },
            {
              "status": "affected",
              "version": "CSRA6640"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6420"
            },
            {
              "status": "affected",
              "version": "QCA6421"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6430"
            },
            {
              "status": "affected",
              "version": "QCA6431"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCM2290"
            },
            {
              "status": "affected",
              "version": "QCM4290"
            },
            {
              "status": "affected",
              "version": "QCM4325"
            },
            {
              "status": "affected",
              "version": "QCM4490"
            },
            {
              "status": "affected",
              "version": "QCM6125"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCM8550"
            },
            {
              "status": "affected",
              "version": "QCN6024"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN9024"
            },
            {
              "status": "affected",
              "version": "QCS2290"
            },
            {
              "status": "affected",
              "version": "QCS410"
            },
            {
              "status": "affected",
              "version": "QCS4290"
            },
            {
              "status": "affected",
              "version": "QCS4490"
            },
            {
              "status": "affected",
              "version": "QCS610"
            },
            {
              "status": "affected",
              "version": "QCS6125"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "Qualcomm 205 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm 215 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC1 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "SD 675"
            },
            {
              "status": "affected",
              "version": "SD460"
            },
            {
              "status": "affected",
              "version": "SD662"
            },
            {
              "status": "affected",
              "version": "SD675"
            },
            {
              "status": "affected",
              "version": "SD730"
            },
            {
              "status": "affected",
              "version": "SD855"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SD888"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SDX57M"
            },
            {
              "status": "affected",
              "version": "SG4150P"
            },
            {
              "status": "affected",
              "version": "SG8275P"
            },
            {
              "status": "affected",
              "version": "SM6250"
            },
            {
              "status": "affected",
              "version": "SM6250P"
            },
            {
              "status": "affected",
              "version": "SM7250P"
            },
            {
              "status": "affected",
              "version": "SM7315"
            },
            {
              "status": "affected",
              "version": "SM7325P"
            },
            {
              "status": "affected",
              "version": "SM8550P"
            },
            {
              "status": "affected",
              "version": "Smart Audio 400 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 210 Processor"
            },
            {
              "status": "affected",
              "version": "Snapdragon 212 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 439 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 460 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 662 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 665 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 675 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 680 4G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 690 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 695 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 720G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 750G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 780G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c Compute Platform (SC7180-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c Gen 2 Compute Platform (SC7180-AD) \"Rennell Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c+ Gen 3 Compute"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF"
            },
            {
              "status": "affected",
              "version": "Snapdragon W5+ Gen 1 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X50 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X65 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X70 Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "SW5100"
            },
            {
              "status": "affected",
              "version": "SW5100P"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "WCD9326"
            },
            {
              "status": "affected",
              "version": "WCD9335"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9360"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9371"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3610"
            },
            {
              "status": "affected",
              "version": "WCN3615"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN3680B"
            },
            {
              "status": "affected",
              "version": "WCN3910"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WCN3990"
            },
            {
              "status": "affected",
              "version": "WCN6740"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cryptographic issue in Data Modem due to improper authentication during TLS handshake."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:20:41.462Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin"
        }
      ],
      "title": "Improper Authentication in Data Modem"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2023-28540",
    "datePublished": "2023-10-03T05:00:36.519Z",
    "dateReserved": "2023-03-17T11:41:45.845Z",
    "dateUpdated": "2025-02-27T20:47:44.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28377 (GCVE-0-2023-28377)

Vulnerability from cvelistv5 – Published: 2023-11-14 19:04 – Updated: 2024-08-30 16:25
VLAI
Summary
Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • escalation of privilege
  • CWE-287 - Improper authentication
Assigner
Impacted products
Vendor Product Version
n/a Intel(R) NUC Kit NUC11PH USB firmware installation software Affected: before version 1.1 for Windows
intel_nuc_kit_nuc11ph_usb_firmware_installation_software intel_nuc_kit_nuc11ph_usb_firmware_installation_software Affected: 0 , < before_version_1.1_for_windows (custom)
    cpe:2.3:a:intel_nuc_kit_nuc11ph_usb_firmware_installation_software:intel_nuc_kit_nuc11ph_usb_firmware_installation_software:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.205Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:intel_nuc_kit_nuc11ph_usb_firmware_installation_software:intel_nuc_kit_nuc11ph_usb_firmware_installation_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "intel_nuc_kit_nuc11ph_usb_firmware_installation_software",
            "vendor": "intel_nuc_kit_nuc11ph_usb_firmware_installation_software",
            "versions": [
              {
                "lessThan": "before_version_1.1_for_windows",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28377",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T16:10:54.774510Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T16:25:56.601Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) NUC Kit NUC11PH USB firmware installation software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 1.1 for Windows"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-287",
              "description": "Improper authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T19:04:48.989Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-28377",
    "datePublished": "2023-11-14T19:04:48.989Z",
    "dateReserved": "2023-06-02T03:00:03.811Z",
    "dateUpdated": "2024-08-30T16:25:56.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28125 (GCVE-0-2023-28125)

Vulnerability from cvelistv5 – Published: 2023-05-09 00:00 – Updated: 2025-01-29 14:37
VLAI
Summary
An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication - Generic (CWE-287)
Assigner
Impacted products
Vendor Product Version
n/a Avalanche Affected: Avalanche Premise versions 6.3.x and below
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:24.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.ivanti.com/s/article/ZDI-CAN-17729-CVE-2023-28125-Bug-958437-ZDI-CAN-17729-Ivanti-Avalanche-InfoRail-Authentication-Bypass-Vulnerability?language=en_US"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T14:37:20.828826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T14:37:25.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Avalanche",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Avalanche Premise versions 6.3.x and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication - Generic (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T00:00:00.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/ZDI-CAN-17729-CVE-2023-28125-Bug-958437-ZDI-CAN-17729-Ivanti-Avalanche-InfoRail-Authentication-Bypass-Vulnerability?language=en_US"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-28125",
    "datePublished": "2023-05-09T00:00:00.000Z",
    "dateReserved": "2023-03-10T00:00:00.000Z",
    "dateUpdated": "2025-01-29T14:37:25.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28121 (GCVE-0-2023-28121)

Vulnerability from cvelistv5 – Published: 2023-04-12 00:00 – Updated: 2024-08-02 12:30
VLAI
Summary
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Severity
No CVSS data available.
CWE
  • CWE-287 - Improper Authentication - Generic (CWE-287)
Assigner
Impacted products
Vendor Product Version
n/a WooCommerce Payments WordPress Plugin Affected: Fixed version 5.6.2
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:24.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WooCommerce Payments WordPress Plugin",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed version 5.6.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication - Generic (CWE-287)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-03T00:00:00.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know/"
        },
        {
          "url": "https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2023-28121",
    "datePublished": "2023-04-12T00:00:00.000Z",
    "dateReserved": "2023-03-10T00:00:00.000Z",
    "dateUpdated": "2024-08-02T12:30:24.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28073 (GCVE-0-2023-28073)

Vulnerability from cvelistv5 – Published: 2023-06-23 10:42 – Updated: 2024-12-04 14:43
VLAI
Summary
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Dell CPG BIOS Affected: 1.13.2
Create a notification for this product.
Date Public
2023-06-13 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:30:23.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28073",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-04T14:43:07.848210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-04T14:43:29.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Latitude 5530",
            "Precision 3570"
          ],
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "status": "affected",
              "version": " 1.13.2"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nDell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-23T10:42:06.760Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000213032/dsa-2023-160-dell-client"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2023-28073",
    "datePublished": "2023-06-23T10:42:06.760Z",
    "dateReserved": "2023-03-10T05:07:55.140Z",
    "dateUpdated": "2024-12-04T14:43:29.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-27582 (GCVE-0-2023-27582)

Vulnerability from cvelistv5 – Published: 2023-03-13 21:40 – Updated: 2025-02-25 14:58
VLAI
Title
Full authentication bypass if SASL authorization username is specified
Summary
maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
foxcpp maddy Affected: >= 0.2.0 0.6.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:36.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w"
          },
          {
            "name": "https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a"
          },
          {
            "name": "https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c"
          },
          {
            "name": "https://github.com/foxcpp/maddy/releases/tag/v0.6.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/foxcpp/maddy/releases/tag/v0.6.3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27582",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:31:06.246958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T14:58:06.143Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "maddy",
          "vendor": "foxcpp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.2.0  0.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-13T21:40:23.225Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/foxcpp/maddy/security/advisories/GHSA-4g76-w3xw-2x6w"
        },
        {
          "name": "https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/foxcpp/maddy/commit/55a91a37b71210f34f98f4d327c30308fe24399a"
        },
        {
          "name": "https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/foxcpp/maddy/commit/9f58cb64b39cdc01928ec463bdb198c4c2313a9c"
        },
        {
          "name": "https://github.com/foxcpp/maddy/releases/tag/v0.6.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/foxcpp/maddy/releases/tag/v0.6.3"
        }
      ],
      "source": {
        "advisory": "GHSA-4g76-w3xw-2x6w",
        "discovery": "UNKNOWN"
      },
      "title": "Full authentication bypass if SASL authorization username is specified"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-27582",
    "datePublished": "2023-03-13T21:40:23.225Z",
    "dateReserved": "2023-03-04T01:03:53.633Z",
    "dateUpdated": "2025-02-25T14:58:06.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-27482 (GCVE-0-2023-27482)

Vulnerability from cvelistv5 – Published: 2023-03-08 00:00 – Updated: 2025-02-25 14:59
VLAI
Summary
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/home-assistant/core/security/advisories/GHSA-2j8f-h4mr-qr25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elttam.com/blog/pwnassistant/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:31:13.319644Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T14:59:51.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "core",
          "vendor": "home-assistant",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2023.3.2"
            }
          ]
        },
        {
          "product": "supervisor",
          "vendor": "home-assistant",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2023.03.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-17T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/home-assistant/core/security/advisories/GHSA-2j8f-h4mr-qr25"
        },
        {
          "url": "https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/"
        },
        {
          "url": "https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md"
        },
        {
          "url": "https://www.elttam.com/blog/pwnassistant/"
        }
      ],
      "source": {
        "advisory": "GHSA-2j8f-h4mr-qr25",
        "discovery": "UNKNOWN"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-27482",
    "datePublished": "2023-03-08T00:00:00.000Z",
    "dateReserved": "2023-03-01T00:00:00.000Z",
    "dateUpdated": "2025-02-25T14:59:51.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-27351 (GCVE-0-2023-27351)

Vulnerability from cvelistv5 – Published: 2023-04-20 00:00 – Updated: 2026-04-21 03:55
VLAI
Summary
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
zdi
Impacted products
Vendor Product Version
PaperCut NG Affected: 22.0.5 (Build 63914)
Create a notification for this product.
Credits
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27351",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-04-20",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-21T03:55:37.286Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27351"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-04-20T00:00:00.000Z",
            "value": "CVE-2023-27351 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NG",
          "vendor": "PaperCut",
          "versions": [
            {
              "status": "affected",
              "version": "22.0.5 (Build 63914)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-20T15:35:13.491Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-232/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-27351",
    "datePublished": "2023-04-20T00:00:00.000Z",
    "dateReserved": "2023-02-28T00:00:00.000Z",
    "dateUpdated": "2026-04-21T03:55:37.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-26455 (GCVE-0-2023-26455)

Vulnerability from cvelistv5 – Published: 2023-11-02 13:01 – Updated: 2024-08-02 11:53
VLAI
Summary
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
CWE
  • CWE-287 - Improper Authentication
Assigner
OX
Impacted products
Vendor Product Version
OX Software GmbH OX App Suite Affected: 0 , ≤ 7.10.6-rev48 (semver)
Affected: 0 , ≤ 8.12 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:53:52.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "backend"
          ],
          "product": "OX App Suite",
          "vendor": "OX Software GmbH",
          "versions": [
            {
              "lessThanOrEqual": "7.10.6-rev48",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.\u003c/p\u003e"
            }
          ],
          "value": "RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T07:09:24.702Z",
        "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "shortName": "OX"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json"
        }
      ],
      "source": {
        "defect": [
          "MWB-1996"
        ],
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
    "assignerShortName": "OX",
    "cveId": "CVE-2023-26455",
    "datePublished": "2023-11-02T13:01:20.424Z",
    "dateReserved": "2023-02-22T20:42:56.092Z",
    "dateUpdated": "2024-08-02T11:53:52.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-25913 (GCVE-0-2023-25913)

Vulnerability from cvelistv5 – Published: 2023-08-21 20:30 – Updated: 2025-01-09 07:56
VLAI
Title
Authentication Bypass in Danfoss AK-SM800A
Summary
Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-287 - Improper Authentication
Assigner
References
URL Tags
https://csirt.divd.nl/CVE-2023-25913 third-party-advisory
https://csirt.divd.nl/DIVD-2023-00025 third-party-advisory
Impacted products
Vendor Product Version
Danfoss AK-SM800A Affected: < 3.3
Create a notification for this product.
Credits
Jony Schats (HackDefense) Stan Plasmeijer (HackDefense) Max van der Horst (DIVD)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:32:12.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://csirt.divd.nl/CVE-2023-25913"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://csirt.divd.nl/DIVD-2023-00025"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T15:07:21.982541Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T15:15:26.754Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AK-SM800A",
          "vendor": "Danfoss",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Jony Schats (HackDefense)"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Stan Plasmeijer (HackDefense)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Max van der Horst (DIVD)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information."
            }
          ],
          "value": "Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T07:56:41.147Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2023-25913"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/DIVD-2023-00025"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authentication Bypass in Danfoss AK-SM800A",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest patch, which is version 3.3."
            }
          ],
          "value": "Upgrade to the latest patch, which is version 3.3."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2023-25913",
    "datePublished": "2023-08-21T20:30:03.854Z",
    "dateReserved": "2023-02-16T14:22:41.966Z",
    "dateUpdated": "2025-01-09T07:56:41.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.