CVE-2023-26154

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Dec 6, 2023
Updated: Dec 11, 2023
CWE ID 331

Summary

CVE-2023-26154 is a vulnerability that affects multiple versions of the PubNub package, including versions before 7.4.0, 6.19.0, and 7.3.0, as well as various other packages such as com.pubnub:pubnub and github.com/pubnub/go/v7. The vulnerability is due to an inefficient implementation of the AES-256-CBC cryptographic algorithm in the getKey function, which results in insufficient entropy. This means that the provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message. The vulnerability poses a medium risk with a base score of 5.9 according to [email protected], with high impact on confidentiality but no impact on integrity or availability. The exploitability score is 2.2 out of 10, indicating a relatively low level of ease for an attacker to exploit this vulnerability remotely without any privileges required from the user.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-26154 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options