CVE-2023-3127 HIGH

CVE-2023-3127: Improper Authentication in iSTAR

Vendor Sensormatic Electronics, A Subsidiary Of Johnson Controls, Inc.
Product iSTAR Ultra
Weakness CWE-287 · Improper authentication
Published July 11, 2023
Last update October 22, 2024

CVSS base score

7.5/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

What the vulnerability does

01Description

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

Key dates

02Disclosure timeline

July 11, 2023 CVE published
October 22, 2024 Record updated