Galaxy Software Services Vitals ESP - Use of Hard-coded Cryptographic Key
CVE-2023-37291

8.6HIGH

Key Information:

Vendor: Galaxy Software Services
Status: Vitals Esp
Vendor: CVE Published:; 21 July 2023

🔔 Create Galaxy Software Services Vulnerability Alert

What is CVE-2023-37291?

Galaxy Software Services Vitals ESP contains a significant vulnerability due to the use of a hard-coded encryption key. This flaw allows unauthenticated remote attackers to exploit the system by generating a valid token parameter. Successfully exploiting this vulnerability grants unauthorized access, enabling attackers to operate system processes and retrieve sensitive data, thus undermining the integrity and security of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vitals ESP 3.0.8 <= 6.2.0

References

https://www.twcert.org.tw/tw/cp-132-7224-4fe1f-1.html

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2023
Vulnerability Reserved
Jun 30, 2023

JSON