#VU71589 Improper access control in EOS - CVE-2023-0451
Published: January 27, 2023
Vulnerability identifier: #VU71589
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-0451
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EOS
EOS
Software vendor:
ECONOLITE
ECONOLITE
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper password requirement for gaining "READONLY" access to log files, as well as certain database and configuration files. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information on the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.