A CWE-552 "Files or Directories Accessible to External Parties" vulnerability in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.
History
Mon, 30 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: Nozomi
Published: 2023-07-05T12:11:53.397Z
Updated: 2024-09-30T14:12:35.425Z
Reserved: 2023-05-05T07:00:43.400Z
Link: CVE-2023-2538
Vulnrichment
No data.
NVD
Status: Modified
Published: 2023-07-05T13:15:09.540
Modified: 2024-09-30T15:15:04.730
Link: CVE-2023-2538
Redhat
No data.