Vulnerability Description
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
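As an added defender-side example (not Red Lion's code), the audit below checks the passwords an administrator intends to push with the configuration tool and flags any containing the percent character before the security configuration is downloaded, so a weakened credential is caught rather than discovered after the fact. The user list and the `audit_password` / `audit_security_config` names are constructed for this illustration.

```python
from typing import Dict, List, Optional

# Added example, not part of the advisory or of Crimson itself.
# The advisory states that a '%' in a password entered through the Crimson 3.2
# configuration tool causes invalid values to be included and may truncate the
# string at a NUL, leaving the device with a weaker credential than intended.
PROBLEM_CHAR = "%"


def audit_password(username: str, password: str) -> Optional[dict]:
    """Return a finding for a password that contains '%', or None if it is clean."""
    if PROBLEM_CHAR not in password:
        return None
    positions = [i for i, ch in enumerate(password) if ch == PROBLEM_CHAR]
    return {
        "user": username,
        "first_percent_at": positions[0],
        "percent_count": len(positions),
        # Everything from the first '%' onward may be altered or cut off, so the
        # effective secret could be far shorter than what the admin typed.
        "at_risk_suffix_len": len(password) - positions[0],
    }


def audit_security_config(users: Dict[str, str]) -> List[dict]:
    """Audit every user/password pair; returns only the problematic entries."""
    return [f for user, pw in users.items() if (f := audit_password(user, pw))]


# Constructed sample data standing in for the accounts defined in the tool.
SAMPLE_USERS = {
    "operator": "Plant-Floor-7Q",   # clean
    "maint": "svc%2024!x",          # '%' at index 3, suffix of 7 chars at risk
    "admin": "Z9%%kq",              # two '%' characters
}

if __name__ == "__main__":
    findings = audit_security_config(SAMPLE_USERS)
    for f in findings:
        print(f"user {f['user']!r}: '%' at {f['first_percent_at']}, "
              f"{f['at_risk_suffix_len']} trailing chars at risk; choose another password")
    if not findings:
        print("no passwords contain '%'; safe to download the security configuration")
```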
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redlion | Crimson | < 3.2 |
| Redlion | Da50A | - |
| Redlion | Da70A | - |
Related Weaknesses (CWE)
References
- https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories (Vendor Advisory)
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2023-5719?
CVE-2023-5719 is a vulnerability with a CVSS score of 8.8 (HIGH). The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a ...
How severe is CVE-2023-5719?
CVE-2023-5719 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-5719?
Check the references section above for vendor advisories and patch information. Affected products include: Redlion Crimson, Redlion Da50A, Redlion Da70A.