Privilege Escalation Vulnerability in Delta Electronics InfraSuite Device Master
CVE-2023-0444

8.8HIGH

Key Information:

Vendor: Deltaww
Status: Delta Electronics Infrasuite Device Master 00.00.02a
Vendor: CVE Published:; 26 January 2023

What is CVE-2023-0444?

A privilege escalation vulnerability has been identified in Delta Electronics InfraSuite Device Master 00.00.02a. This flaw allows a default user, categorized as a 'Read Only User', to access the password of the 'Administrator' account. Consequently, this could enable a lower privileged user to log in with elevated permissions, posing a serious security risk. Organizations utilizing this product should ensure proper access controls are enforced to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Delta Electronics InfraSuite Device Master 00.00.02a Delta Electronics InfraSuite Device Master 00.00.02a

References

https://www.tenable.com/security/research/tra-2023-4

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 23, 2023

CVE-2023-0444 Data

JSON

Deltaww

What is CVE-2023-0444?

Affected Version(s)

References

CVSS V3.1

Timeline