CVE-2023-28395

Summary

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.

Affected Software

VendorProductVersion RangeStatus
ProPump and Controls, Inc.Osprey Pump Controller1.01affected

Weaknesses

  • CWE-331 Insufficient Entropy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References