CWE-321
Use of Hard-coded Cryptographic Key
The product uses a hard-coded, unchangeable cryptographic key.
CVE-2022-36925 (GCVE-0-2022-36925)
Vulnerability from cvelistv5 – Published: 2023-01-09 00:00 – Updated: 2025-04-09 14:33
VLAI
Title
Insecure key generation for Zoom Rooms for macOS Clients
Summary
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
Severity
4.4 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Zoom Video Communications Inc | Zoom Rooms for macOS |
Affected:
unspecified , < 5.11.4
(custom)
|
Date Public
2023-01-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:14:29.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:32:16.903109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:33:28.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zoom Rooms for macOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-01-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-09T00:00:00.000Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure key generation for Zoom Rooms for macOS Clients",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2022-36925",
"datePublished": "2023-01-09T00:00:00.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-04-09T14:33:28.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0391 (GCVE-0-2023-0391)
Vulnerability from cvelistv5 – Published: 2023-03-21 19:25 – Updated: 2025-02-26 16:34
VLAI
Title
MGT-COMMERCE CloudPanel Shared Certificate
Summary
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
Severity
8.1 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2023/03/21/cve-2… | third-party-advisory |
| https://www.bleepingcomputer.com/news/security/cl… | media-coverage |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MGT-COMMERCE | CloudPanel |
Affected:
0 , ≤ 2.2.0
(semver)
|
Date Public
2023-03-21 19:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:55.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/"
},
{
"tags": [
"media-coverage",
"x_transferred"
],
"url": "https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0391",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:34:02.699683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:34:47.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CloudPanel",
"vendor": "MGT-COMMERCE",
"versions": [
{
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tod Beardsley of Rapid7"
}
],
"datePublic": "2023-03-21T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1."
}
],
"value": "MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-23T18:36:43.772Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/"
},
{
"tags": [
"media-coverage"
],
"url": "https://www.bleepingcomputer.com/news/security/cloudpanel-installations-use-the-same-ssl-certificate-private-key/"
}
],
"source": {
"discovery": "USER"
},
"title": "MGT-COMMERCE CloudPanel Shared Certificate",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-0391",
"datePublished": "2023-03-21T19:25:25.895Z",
"dateReserved": "2023-01-18T19:24:25.810Z",
"dateUpdated": "2025-02-26T16:34:47.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20016 (GCVE-0-2023-20016)
Vulnerability from cvelistv5 – Published: 2023-02-23 00:00 – Updated: 2024-10-25 16:04
VLAI
Title
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability
Summary
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.
Severity
6.3 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/c… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Managed) |
Affected:
n/a
|
Date Public
2023-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230223 Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T14:36:41.126540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T16:04:01.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Computing System (Managed)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230223 Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA"
}
],
"source": {
"advisory": "cisco-sa-ucsm-bkpsky-H8FCQgsA",
"defect": [
[
"CSCvm53827",
"CSCwc01592"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20016",
"datePublished": "2023-02-23T00:00:00.000Z",
"dateReserved": "2022-10-27T00:00:00.000Z",
"dateUpdated": "2024-10-25T16:04:01.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20038 (GCVE-0-2023-20038)
Vulnerability from cvelistv5 – Published: 2023-01-19 01:34 – Updated: 2024-10-28 16:34
VLAI
Summary
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems.
This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.
Severity
8.8 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Industrial Network Director |
Affected:
1.5.0
Affected: 1.5.1 Affected: 1.4.0 Affected: 1.0.0 Affected: 1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ind-fZyVjJtG",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:19:28.780949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:34:24.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Industrial Network Director",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems.\r\n\r This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:35.790Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ind-fZyVjJtG",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG"
}
],
"source": {
"advisory": "cisco-sa-ind-fZyVjJtG",
"defects": [
"CSCwc29341"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20038",
"datePublished": "2023-01-19T01:34:24.311Z",
"dateReserved": "2022-10-27T18:47:50.316Z",
"dateUpdated": "2024-10-28T16:34:24.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21404 (GCVE-0-2023-21404)
Vulnerability from cvelistv5 – Published: 2023-05-08 00:00 – Updated: 2025-01-29 16:13
VLAI
Summary
AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.
Severity
4.1 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
AXIS OS 11.0.X - 11.3.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:11:58.437819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:13:31.188Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"status": "affected",
"version": "AXIS OS 11.0.X - 11.3.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data.\u003c/p\u003e"
}
],
"value": "AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T08:36:05.324Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/07/0a/20/cve-2023-21404-en-US-398426.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2023-21404",
"datePublished": "2023-05-08T00:00:00.000Z",
"dateReserved": "2022-11-04T00:00:00.000Z",
"dateUpdated": "2025-01-29T16:13:31.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2158 (GCVE-0-2023-2158)
Vulnerability from cvelistv5 – Published: 2023-04-27 17:04 – Updated: 2025-01-31 18:16
VLAI
Title
Impersonation through User-Controlled Token
Summary
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user. Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Severity
9.8 (Critical)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:20.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.synopsys.com/s/question/0D5Hr00006VdZblKAF/announcement-changelog-code-dx-202342"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:16:43.307758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:16:46.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Code Dx",
"vendor": "Synopsys",
"versions": [
{
"lessThanOrEqual": "2023.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user\u0027s account by crafting a custom \"Remember Me\" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user.\u0026nbsp;\u0026nbsp;Score\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C\u003c/span\u003e\n\n"
}
],
"value": "Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user\u0027s account by crafting a custom \"Remember Me\" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user.\u00a0\u00a0Score\u00a06.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-633",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-633 Token Impersonation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T17:04:22.879Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"url": "https://community.synopsys.com/s/question/0D5Hr00006VdZblKAF/announcement-changelog-code-dx-202342"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Impersonation through User-Controlled Token",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2023-2158",
"datePublished": "2023-04-27T17:04:22.879Z",
"dateReserved": "2023-04-18T14:08:54.082Z",
"dateUpdated": "2025-01-31T18:16:46.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21705 (GCVE-0-2023-21705)
Vulnerability from cvelistv5 – Published: 2023-02-14 19:32 – Updated: 2025-01-01 00:40
VLAI
Title
Microsoft SQL Server Remote Code Execution Vulnerability
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
Severity
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
11 products
Date Public
2023-02-14 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems"
],
"product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.2047.8",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6444.4",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6174.8",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2101.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.6430.49",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.7024.30",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 31)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.3460.9",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1050.5",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 18)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4280.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.2047.8",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "12.0.6444.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"versionEndExcluding": "12.0.6174.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2101.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.6430.49",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.7024.30",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.3460.9",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1050.5",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4280.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:40:45.910Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705"
}
],
"title": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21705",
"datePublished": "2023-02-14T19:32:43.252Z",
"dateReserved": "2022-12-13T18:08:03.490Z",
"dateUpdated": "2025-01-01T00:40:45.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22844 (GCVE-0-2023-22844)
Vulnerability from cvelistv5 – Published: 2023-07-06 14:53 – Updated: 2025-03-05 18:54
VLAI
Summary
An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.
Severity
7.3 (High)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Milesight | MilesightVPN |
Affected:
v2.0.2
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1700"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22844",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:43:05.920249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:54:30.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MilesightVPN",
"vendor": "Milesight",
"versions": [
{
"status": "affected",
"version": "v2.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Francesco Benvenuto of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T17:00:07.380Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1700"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-22844",
"datePublished": "2023-07-06T14:53:33.273Z",
"dateReserved": "2023-01-20T17:32:00.545Z",
"dateUpdated": "2025-03-05T18:54:30.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2637 (GCVE-0-2023-2637)
Vulnerability from cvelistv5 – Published: 2023-06-13 20:15 – Updated: 2025-01-02 20:42
VLAI
Title
Rockwell Automation FactoryTalk System Services Vulnerable To Use Of Hard-Coded Cryptographic Key
Summary
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.
Severity
7.3 (High)
CWE
- CWE-321 - Use of Hard-Coded Cryptographic Key
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | FactoryTalk System Services |
Affected:
<= 6.20
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T20:42:16.560791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T20:42:32.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FactoryTalk System Services",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c= 6.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sharon Brizinov of Claroty Research - Team82 "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation\u0027s FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.\u0026nbsp; Hard-coded cryptographic key may lead to privilege escalation.\u0026nbsp; This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.\u003c/span\u003e\n\n"
}
],
"value": "\nRockwell Automation\u0027s FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.\u00a0 Hard-coded cryptographic key may lead to privilege escalation.\u00a0 This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-20",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-20 Encryption Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-Coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T20:15:07.735Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible.\u003c/span\u003e\u003cul\u003e\u003cli\u003eUpgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113\u0026amp;versions=61050,59723\"\u003e6.30.00\u003c/a\u003e\u0026nbsp;or later which has been patched to mitigate these issues.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. * Upgrade to 6.30.00 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0or later which has been patched to mitigate these issues.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation FactoryTalk System Services Vulnerable To Use Of Hard-Coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-2637",
"datePublished": "2023-06-13T20:15:07.735Z",
"dateReserved": "2023-05-10T20:31:38.532Z",
"dateUpdated": "2025-01-02T20:42:32.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27583 (GCVE-0-2023-27583)
Vulnerability from cvelistv5 – Published: 2023-03-13 20:33 – Updated: 2025-02-25 14:58
VLAI
Title
Panindex uses hard coded cyptographic key
Summary
PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.
Severity
9.8 (Critical)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/px-org/PanIndex/security/advis… | x_refsource_CONFIRM |
| https://github.com/px-org/PanIndex/commit/f7ec0c5… | x_refsource_MISC |
| https://github.com/px-org/PanIndex/releases/tag/v3.1.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/px-org/PanIndex/security/advisories/GHSA-82wq-gmw8-g87v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/px-org/PanIndex/security/advisories/GHSA-82wq-gmw8-g87v"
},
{
"name": "https://github.com/px-org/PanIndex/commit/f7ec0c5739af055ad3a825a20294a5c01ada3302",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/px-org/PanIndex/commit/f7ec0c5739af055ad3a825a20294a5c01ada3302"
},
{
"name": "https://github.com/px-org/PanIndex/releases/tag/v3.1.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/px-org/PanIndex/releases/tag/v3.1.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:31:09.895498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:58:12.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PanIndex",
"vendor": "px-org",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PanIndex is a network disk directory index. In Panindex prior to version 3.1.3, a hard-coded JWT key `PanIndex` is used. An attacker can use the hard-coded JWT key to sign JWT token and perform any actions as a user with admin privileges. Version 3.1.3 has a patch for the issue. As a workaround, one may change the JWT key in the source code before compiling the project.\n \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-13T20:33:20.229Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/px-org/PanIndex/security/advisories/GHSA-82wq-gmw8-g87v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/px-org/PanIndex/security/advisories/GHSA-82wq-gmw8-g87v"
},
{
"name": "https://github.com/px-org/PanIndex/commit/f7ec0c5739af055ad3a825a20294a5c01ada3302",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/px-org/PanIndex/commit/f7ec0c5739af055ad3a825a20294a5c01ada3302"
},
{
"name": "https://github.com/px-org/PanIndex/releases/tag/v3.1.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/px-org/PanIndex/releases/tag/v3.1.3"
}
],
"source": {
"advisory": "GHSA-82wq-gmw8-g87v",
"discovery": "UNKNOWN"
},
"title": "Panindex uses hard coded cyptographic key"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27583",
"datePublished": "2023-03-13T20:33:20.229Z",
"dateReserved": "2023-03-04T01:03:53.633Z",
"dateUpdated": "2025-02-25T14:58:12.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Prevention schemes mirror that of hard-coded password storage.
No CAPEC attack patterns related to this CWE.