CVE-2023-45083
HyperCloud: "admin" and "serveradmin" users can be deleted
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.
Existe una vulnerabilidad de gestión de privilegios inadecuada en HyperCloud que afectará la capacidad de un usuario para autenticarse en el plano de gestión. Un usuario de nivel de administrador autenticado puede eliminar los usuarios "admin" o "serveadmin", lo que impide que la autenticación se realice correctamente posteriormente. Este problema afecta a las versiones 1.0 de HyperCloud hasta cualquier versión anterior a la 2.1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-03 CVE Reserved
- 2023-12-05 CVE Published
- 2023-12-06 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
- CAPEC-212: Functionality Misuse
References (1)
| URL | Tag | Source |
|---|---|---|
| https://advisories.softiron.cloud | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Softiron Search vendor "Softiron" | Hypercloud Search vendor "Softiron" for product "Hypercloud" | >= 1.0 < 2.1.0 Search vendor "Softiron" for product "Hypercloud" and version " >= 1.0 < 2.1.0" | - |
Affected
| ||||||