Main Vulnerability Database Vulnerabilities #VU71605

#VU71605 Unprotected storage of credentials in Wattbox WB-300-IP-3 - CVE-2023-22389

Published: January 27, 2023

Vulnerability identifier: #VU71605

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-22389

CWE-ID: CWE-256

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Wattbox WB-300-IP-3

Software vendor:
Snap One

Description

The vulnerability allows a remote attacker to gain access to other users' credentials.

The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A remote attacker on the local network can view contents of the configuration file and gain access to passwords for 3rd party integration.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-23-026-03

#VU71605 Unprotected storage of credentials in Wattbox WB-300-IP-3 - CVE-2023-22389

Description

Remediation

External links

Please verify you're human