CVE-2023-1699 — MEDIUM (4.3)

Q: How severe is CVE-2023-1699?

CVE-2023-1699 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-1699?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Nexpose.

Vulnerability Description

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Rapid7	Nexpose	< 6.6.187

Related Weaknesses (CWE)

CWE-425

References

https://docs.rapid7.com/release-notes/nexpose/20230329/Release Notes
https://docs.rapid7.com/release-notes/nexpose/20230329/Release Notes

FAQ

What is CVE-2023-1699?

CVE-2023-1699 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages...

How severe is CVE-2023-1699?

CVE-2023-1699 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1699?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Nexpose.