CVE-2023-28649

Опубликовано: 22 мая 2023

Источник: nvd

CVSS3: 8.6

CVSS3: 7.5

EPSS Низкий

Описание

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
Third Party Advisory
US Government Resource
https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf
Release Notes
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
Third Party Advisory
US Government Resource
https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*

Версия до 7.3.0 (исключая)

cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00049

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-413

CWE-20

Связанные уязвимости

GHSA-rcv8-v727-xg26

CVSS3: 8.6

github

больше 2 лет назад

EPSS

Процентиль: 15%

0.00049

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-413

CWE-20