CVE-2023-42419
3.8
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
Summary
Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key.
An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the server. The issue was resolved in version 2.28. Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cybellum | Maintenance Server | 2.15.5 <= 2.27 | affected |
| Cybellum | Maintenance Server | 1.* | unaffected |
| Cybellum | Maintenance Server | 2.0 <= 2.19 | unaffected |
| Cybellum | Maintenance Server | 2.28 <= or above | unaffected |
Weaknesses
- cwe-321 Use of Hard-coded Cryptographic Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.