CVE-2023-29126
Nov. 6, 2024, 6:17 p.m.
Tags
CVSS Score
Product(s) Impacted
Waybox Enel X web management application
Description
The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.
Weaknesses
CWE-1287
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
CWE ID: 1287Date
Published: Nov. 5, 2024, 4:15 p.m.
Last Modified: Nov. 6, 2024, 6:17 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@asrg.io
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N