CVE-2023-2538 MEDIUM

CVE-2023-2538: TLS Private Key Accessible to External Parties

Vendor Tyan
Product s5552_bmc
Weakness CWE-552 · Files accessible externally
Published July 5, 2023
Last update October 24, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

Description

A CWE-552 "Files or Directories Accessible to External Parties" weakness in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. With the private key, an attacker can perform Man-in-the-Middle (MitM) attacks against victims that access the web interface over HTTPS.

Key dates

Disclosure timeline

July 5, 2023 CVE published
October 24, 2024 Record updated