Vulnerability Details : CVE-2023-42419
Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key.
An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the server.
The issue was resolved in version 2.28.
Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected.
Exploit prediction scoring system (EPSS) score for CVE-2023-42419
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~9% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-42419
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.8 | LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.3 | 3.4 | Cybellum Technologies LTD | 2024-03-05 |
References for CVE-2023-42419
- https://cybellum.com/ (Product Security for Automotive, Medical & Industrial | Cybellum)