CVE-2023-43843

{"id": "CVE-2023-43843", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-05-28T19:15:09.273", "references": [{"url": "https://github.com/setersora/pe6208", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/setersora/pe6208", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request."}, {"lang": "es", "value": "El control de acceso incorrecto en la funci\u00f3n de administraci\u00f3n de cuentas de la interfaz web en Aten PE6208 2.3.228 y 2.4.232 permite a los usuarios autenticados remotamente leer las contrase\u00f1as de las cuentas de usuario y administrador a trav\u00e9s de una solicitud HTTP GET."}], "lastModified": "2025-06-03T15:23:39.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDCBDF8A-295F-4E24-B7ED-C2D8C229B2D7", "versionEndExcluding": "2.4.239", "versionStartIncluding": "2.3.228"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D32AAB9-F426-4F0C-8705-04D0B89D52D1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}