CVE-2023-5879 — MEDIUM (6.8)

Q: How severe is CVE-2023-5879?

CVE-2023-5879 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5879?

Check the references section above for vendor advisories and patch information. Affected products include: Geniecompany Aladdin Connect.

Vulnerability Description

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Geniecompany	Aladdin Connect	< 5.73

Related Weaknesses (CWE)

CWE-922

References

https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garagVendor Advisory
https://www.rapid7.com/blog/post/2024/01/03/genie-aladdin-connect-retrofit-garagVendor Advisory

FAQ

What is CVE-2023-5879?

CVE-2023-5879 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the atta...

How severe is CVE-2023-5879?

CVE-2023-5879 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5879?

Check the references section above for vendor advisories and patch information. Affected products include: Geniecompany Aladdin Connect.