Encryption Vulnerability in Teledyne FLIR M300
CVE-2023-46294

3.4LOW

Key Information:

Vendor: Teledyne FLIR
Vendor: CVE Published:; 1 May 2024

🔔 Create Teledyne FLIR Vulnerability Alert

What is CVE-2023-46294?

An encryption vulnerability exists within the Teledyne FLIR M300, which affects version 2.00-19. This issue stems from the local encryption of user account passwords that can be decrypted into cleartext using the utility umSetup. The utility requires root permissions for execution, posing a significant security risk if unauthorized users gain access to root privileges. This vulnerability highlights the need for improved password handling and encryption protocols to safeguard user data against unauthorized access, thereby enhancing the overall security of the system.

References

https://Loudmouth.io

https://gitlab.com/loudmouth-security/vulnerability-discl...

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Oct 21, 2023

CVE-2023-46294 Data

JSON