CVE-2023-28649 HIGH

CVE-2023-28649

Vendor Snap One
Product OvrC Cloud
Weakness CWE-413
Published May 22, 2023
Last update January 16, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.

Key dates

02Disclosure timeline

May 22, 2023 CVE published
January 16, 2025 Record updated