Unauthorized Access to Sensitive Functionality via Inadequate ACLs
CVE-2023-41918

10CRITICAL

Key Information:

Vendor: Kiloview
Status: P1/p2
Vendor: CVE Published:; 2 July 2024

What is CVE-2023-41918?

A vulnerability exists within an affected vendor's product that permits unauthorized access to certain functionalities which are not properly constrained by access control lists (ACLs). This flaw could be exploited by attackers to execute commands without authentication, potentially leading to unauthorized manipulation of data, access to privileged functions, or arbitrary code execution. Users of the affected versions should take immediate precautions to mitigate risks associated with this vulnerability.

Affected Version(s)

P1/P2 All <= 4.8.2605

References

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 2, 2024
Vulnerability Reserved
Sep 5, 2023

JSON

Kiloview

What is CVE-2023-41918?

Affected Version(s)

References

CVSS V3.1

Timeline