CVE-2023-26071

An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.gruppotim.it/it/footer/red-team.html	Broken Link
https://vuldb.com/?id.224303	Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:harpaitalia:mcuboict:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:50

Type	Values Removed	Values Added
References	~~() https://www.gruppotim.it/it/footer/red-team.html - Broken Link~~	() https://www.gruppotim.it/it/footer/red-team.html - Broken Link

05 Apr 2023, 01:21

Type	Values Removed	Values Added
First Time		Harpaitalia Harpaitalia mcuboict
CPE		cpe:2.3:a:harpaitalia:mcuboict::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-203
References		(MISC) https://vuldb.com/?id.224303 - Third Party Advisory
References	~~(MISC) https://www.gruppotim.it/it/footer/red-team.html -~~	(MISC) https://www.gruppotim.it/it/footer/red-team.html - Broken Link

28 Mar 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-28 20:15

Updated : 2025-02-19 16:15

NVD link : CVE-2023-26071

Mitre link : CVE-2023-26071

CVE.ORG link : CVE-2023-26071

JSON object : View

Products Affected

harpaitalia

mcuboict

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2023-26071", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-03-28T20:15:13.343", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://vuldb.com/?id.224303", "tags": ["Third Party Advisory"], "source": "nvd@nist.gov"}, {"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks."}], "lastModified": "2025-02-19T16:15:37.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:harpaitalia:mcuboict:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84C504A1-E323-4A1D-B4B1-5F7C8803DB4C", "versionEndIncluding": "10.12.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}