CVE-2023-3127

Summary

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

Affected Software

VendorProductVersion RangeStatus
Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.iSTAR Ultra>6.8.6 < 6.9.2 CU01affected
Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.iSTAR Ultra LT>6.8.6 < 6.9.2 CU01affected
Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.iSTAR Ultra G20 < 6.9.2 CU01affected
Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.iSTAR Edge G20 < 6.9.2 CU01affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References