Vulnerability Details : CVE-2023-0506
The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access.
Published
2023-10-03 14:15:10
Updated
2023-10-05 01:00:11
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-0506
- cpe:2.3:a:bydemes:airspace_cctv_web_service:2.616.by00.11:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0506
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 17 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0506
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Spanish National Cybersecurity Institute, S.A. (INCIBE) | |
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2023-0506
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: cve-coordination@incibe.es (Secondary)
References for CVE-2023-0506
-
https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-demes-group-products
Inadequate Access Control Demes Group Products | INCIBE-CERT | INCIBEThird Party Advisory
-
https://github.com/zerolynx/wstg/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md
wstg/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md at master · zerolynx/wstg · GitHubNot Applicable
Jump to