CVE-2023-36483
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and
MASmobile Classic iOS version 1.7.24 and earlier
which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| MAS (a Carrier brand) | MASmobile Classic | 1 <= 1.16.18 | affected |
| MAS (a Carrier brand) | MASmobile Classic | 1 <= 1.7.24 | affected |
| MAS (a Carrier brand) | MAS ASP.Net Services | 1 <= 1.9 | affected |
Weaknesses
- CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.