CVE-2023-39854

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 9, 2023
Updated: Feb 1, 2024
CWE ID 918

Summary

CVE-2023-39854 is a vulnerability found in the web interface of ATX Ucrypt through version 3.5. It allows authenticated users or attackers with default credentials for the admin, master, or user account to include files via a URL in the /hydra/view/get_cc_url parameter, potentially leading to Server Side Request Forgery (SSRF). The vulnerability has a risk score of 25 and a base severity of MEDIUM. It requires low privileges and does not require user interaction. The attack vector is through the network, and it has a high impact on confidentiality. The vulnerability has not been modified since its discovery and affects the product t0IlID. Organizations should remediate this issue by updating to a patched version of ATX Ucrypt to mitigate the potential danger it poses to their systems.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-39854 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options