Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-33274: (CVE-2023-33274) SNMP Web Pro 1.1 Authorization Bypass

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.

CVE
#vulnerability#web#auth

1. ADVISORY INFORMATION

=======================

Product: SNMP Web Pro 1.1

Vendor URL: https://voltronicpower.com/

Type: Improper Access Control [CWE-284]

Date found: 2023-05-12

Date published: 2023-06-30

CVSSv3 Score: 9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVE: CVE-2023-33274

2. CREDITS

==========

This vulnerability was discovered and researched by Ph4nt0mByt3.

3. VERSIONS AFFECTED

====================

SNMP Web Pro 1.1

4. INTRODUCTION

===============

SNMP Web Pro 1.1 is a web interface to control UPS systems

5. VULNERABILITY DETAILS

========================

The web server allows make direct cgi requests without proper authorization, resulting in total control o UPS systems

6. PROOF OF CONCEPT

========================

Make a direct request to cgi endpoints to control over UPS.

7. SOLUTION

=======================

Enable HTTP Basic to prevent direct cgi requests with strength user:pass

8. REFERENCES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33274

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907