CVE-2023-7007
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Summary
Sciener server does not validate connection requests from the GatewayG2, allowing an impersonation attack that provides the attacker the unlockKey field.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sciener | Gateway G2 | 6.0.0 <= 6.0.0 | affected |
Weaknesses
- CWE-290 Authentication Bypass by Spoofing
- CWE-287 Improper Authentication
- CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.