CVE-2023-49599

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

History

21 Nov 2024, 08:33

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900 - Exploit, Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900 - Exploit, Third Party Advisory

17 Jan 2024, 15:14

Type Values Removed Values Added
CPE cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*
Summary
  • (es) Existe una vulnerabilidad de entropía insuficiente en la funcionalidad salt generation de WWBN AVideo dev master commit 15fed957fb. Una serie de solicitudes HTTP especialmente manipuladas pueden provocar una escalada de privilegios. Un atacante puede recopilar información del sistema a través de solicitudes HTTP y aplicar fuerza bruta al salt offline, lo que lleva a falsificar un código de recuperación de contraseña legítimo para el usuario administrador.
Summary (en) An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and bruteforce the salt offline, leading to forging a legitimate password recovery code for the admin user. (en) An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user.
First Time Wwbn avideo
Wwbn
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900 - Exploit, Third Party Advisory

10 Jan 2024, 18:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1900', 'source': 'talos-cna@cisco.com'}

10 Jan 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 16:15

Updated : 2024-11-21 08:33


NVD link : CVE-2023-49599

Mitre link : CVE-2023-49599

CVE.ORG link : CVE-2023-49599


JSON object : View

Products Affected

wwbn

  • avideo
CWE
CWE-331

Insufficient Entropy