Root Access Vulnerability in Device
CVE-2023-41920

9.8 CRITICAL

Key Information:

Vendor: Kiloview

Status
Vendor
CVE Published: 2 July 2024

What is CVE-2023-41920?

This vulnerability allows an attacker to gain root access to a device without authentication if the device is configured with a specific IP address. An unauthorized user can exploit the flaw to take control of the device, potentially leading to further breaches of the network security infrastructure. Organizations should review their device configurations and implement stringent access controls to guard against unauthorized access.

Affected Version(s)

P1/P2 All <= 4.8.2605

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
