Main Vulnerability Database Vulnerabilities #VU81228

Authentication Bypass by Capture-replay in Bently Nevada 3500 Rack - CVE-2023-36857

Published: September 27, 2023

Vulnerability identifier: #VU81228

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-36857

CWE-ID: CWE-294

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Bently Nevada 3500 Rack

Software vendor:
Bently Nevada

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can steal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05

Authentication Bypass by Capture-replay in Bently Nevada 3500 Rack - CVE-2023-36857

Description

Remediation

External links

Please verify you're human