CVE-2023-24476

An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.

CVSS v3 1.8 LOW

1.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.3 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Third Party Advisory US Government Resource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-07 22:15

Updated : 2024-11-21 07:47

NVD link : CVE-2023-24476

Mitre link : CVE-2023-24476

CVE.ORG link : CVE-2023-24476

JSON object : View

Products Affected

ptc

vuforia_studio

CWE

CWE-285

Improper Authorization

NVD-CWE-noinfo

{"id": "CVE-2023-24476", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-06-07T22:15:09.553", "references": [{"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Broken Link"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Third Party Advisory", "US Government Resource"], "source": "nvd@nist.gov"}, {"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nAn attacker with local access to the machine could record the traffic, \nwhich could allow them to resend requests without the server \nauthenticating that the user or session are valid.\n\n"}], "lastModified": "2024-11-21T07:47:56.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0401ACC-907D-43E1-9CAE-FC94DC02C9F7", "versionEndExcluding": "9.9"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}