CVE-2023-43742 — CRITICAL (9.8)

Q: How severe is CVE-2023-43742?

CVE-2023-43742 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-43742?

Check the references section above for vendor advisories and patch information. Affected products include: Zultys Mx-Se Firmware, Zultys Mx-Se, Zultys Mx-Se Ii Firmware, Zultys Mx-Se Ii, Zultys Mx-E Firmware.

Vulnerability Description

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zultys	Mx-Se Firmware	< 16.0.4
Zultys	Mx-Se	-
Zultys	Mx-Se Ii Firmware	< 16.0.4
Zultys	Mx-Se Ii	-
Zultys	Mx-E Firmware	< 16.0.4
Zultys	Mx-E	-
Zultys	Mx-Virtual Firmware	< 16.0.4
Zultys	Mx-Virtual	-
Zultys	Mx250 Firmware	< 16.0.4
Zultys	Mx250	-
Zultys	Mx30 Firmware	< 16.0.4
Zultys	Mx30	-

Related Weaknesses (CWE)

CWE-287

References

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.mdThird Party Advisory
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.mdThird Party Advisory

FAQ

What is CVE-2023-43742?

CVE-2023-43742 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to ob...

How severe is CVE-2023-43742?

CVE-2023-43742 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-43742?

Check the references section above for vendor advisories and patch information. Affected products include: Zultys Mx-Se Firmware, Zultys Mx-Se, Zultys Mx-Se Ii Firmware, Zultys Mx-Se Ii, Zultys Mx-E Firmware.