Multiple vulnerabilities in Snap One OvrC Pro



Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2023-28649
CVE-2023-28412
CVE-2023-31241
CVE-2023-31193
CVE-2023-28386
CVE-2023-31245
CWE-ID CWE-20
CWE-204
CWE-284
CWE-319
CWE-345
CWE-601
Exploitation vector Network
Public exploit N/A
Vulnerable software
OvrC Pro
Other software / Other software solutions

Vendor Snap One

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU76373

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28649

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can impersonate a hub and send device requests to claim already claimed devices.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OvrC Pro: before 7.3

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Observable Response Discrepancy

EUVDB-ID: #VU76374

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28412

CWE-ID: CWE-204 - Observable Response Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the observable response discrepancy issue. A remote attacker can enumerate the MAC address of devices and disclose their information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OvrC Pro: before 7.3

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU76375

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31241

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the Snap One OvrC cloud servers. A remote attacker can bypass implemented security restrictions and claim devices outright.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OvrC Pro: before 7.3

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cleartext transmission of sensitive information

EUVDB-ID: #VU76376

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31193

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OvrC Pro: before 7.3

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insufficient verification of data authenticity

EUVDB-ID: #VU76377

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28386

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected devices do not validate firmware updates correctly. A remote attacker can upload arbitrary firmware updates and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OvrC Pro: before 7.3

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Open redirect

EUVDB-ID: #VU76379

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31245

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OvrC Pro: before 7.3

CPE2.3 External links

http://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###