CVE-2023-4816

CVSS 3.1 Score 6.9 of 10 (medium)

Details

Published Sep 11, 2023
Updated: Sep 13, 2023
CWE ID 287

Summary

CVE-2023-4816 is a vulnerability that affects the Equipment Tag Out authentication system when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability allows an authenticated user to perform an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and enter an arbitrary password in the confirmation dialog box. Despite entering an arbitrary password, the system will still execute the selected holder action. The vulnerability has a risk score of 65 and a base severity of MEDIUM. It requires high privileges and user interaction, and can be exploited over a network. The impact includes high integrity impact and low availability impact, with no confidentiality impact. The affected products include rQFqnN, rQFqnO, rQFqnP, rQFqnQ, rQFqnR, t0UBNF, rQFqnS, and t0UBNE. Remediation measures have not been specified in the provided information.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4816 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options