CVE-2023-3243 — HIGH (8.3) — White Hats Nepal

Vulnerability Description

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful brute force password attack. Impacted product is BCM-WEB version 3.3.X. Recommended fix: Upgrade to a supported product such as Alerton ACM.] Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Honeywell	Alerton Bcm-Web Firmware	-
Honeywell	Alerton Bcm-Web	-

Related Weaknesses (CWE)

CWE-326 CWE-290

References

https://www.honeywell.com/us/en/product-securityNot Applicable
https://www.honeywell.com/us/en/product-securityNot Applicable

FAQ

What is CVE-2023-3243?

CVE-2023-3243 is a vulnerability with a CVSS score of 8.3 (HIGH). ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. The hash is also a poorly salted MD5 hash, which could result in a successful br...

How severe is CVE-2023-3243?

CVE-2023-3243 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3243?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Alerton Bcm-Web Firmware, Honeywell Alerton Bcm-Web.