SB2023012713 - Multiple vulnerabilities in Econolite EOS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023012713

SB2023012713 - Multiple vulnerabilities in Econolite EOS

Published: January 27, 2023

Security Bulletin ID SB2023012713
Severity
High
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2023-0451)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper password requirement for gaining "READONLY" access to log files, as well as certain database and configuration files. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.


2) Reversible One-Way Hash (CVE-ID: CVE-2023-0452)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a weak hash algorithm for encrypting privileged user credentials. A remote attacker can access the configuration file that is accessible without authentication.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References