CVE-2023-36611 MEDIUM

CVE-2023-36611

Vendor Ovarro
Product TBox MS-CPU32
Weakness CWE-285
Published July 3, 2023
Last update October 25, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges by establishing an SSH session and providing the other tokens.

Key dates

02Disclosure timeline

July 3, 2023 CVE published
October 25, 2024 Record updated