exploitDog

CVE-2023-26829

Опубликовано: 31 мар. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.

Ссылки

https://www.whiteoaksecurity.com/blog/centrestack-disclosure/
Exploit
Vendor Advisory
https://www.whiteoaksecurity.com/blog/centrestack-disclosure/
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:*

Версия до 13.5.9808 (исключая)

EPSS

Процентиль: 52%

0.00294

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863

CWE-863

Связанные уязвимости

GHSA-h55p-3mg5-547m

CVSS3: 9.8

github

почти 3 года назад

An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.

EPSS

Процентиль: 52%

0.00294

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-863

CWE-863