exploitDog

CVE-2023-3548

Опубликовано: 25 июл. 2023

Источник: nvd

CVSS3: 8.3

CVSS3: 9.8

EPSS Низкий

Описание

An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Third Party Advisory
US Government Resource
https://www.johnsoncontrols.com/cyber-solutions/security-advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:johnsoncontrols:iq_wifi_6_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.2 (исключая)

cpe:2.3:h:johnsoncontrols:iq_wifi_6:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00134

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307

CWE-307

Связанные уязвимости

GHSA-682j-8mf5-c3gv

CVSS3: 8.3

github

больше 2 лет назад

An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack.

EPSS

Процентиль: 34%

0.00134

Низкий

8.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307

CWE-307