{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "09D39AC9-ACBA-4CF9-B9F0-D04F6B392905", "versionEndExcluding": "16.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D290A1E-9CF3-42C3-B099-9A0D5FFE2FDC", "versionEndExcluding": "17.0.10", "versionStartIncluding": "17.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zultys:mx-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8E4DCA4-D3CB-46DC-B20F-205F18FE6FA4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2CE4D4C-0CB5-4AB9-936B-E275E4A6E1A1", "versionEndExcluding": "16.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B040E08-BAF8-475B-BF5C-DC3D6D5FBBB1", "versionEndExcluding": "17.0.10", "versionStartIncluding": "17.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zultys:mx-se_ii:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DD550DD-C5C0-4ABC-9C29-016FC0587E97", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3907F8B7-CB24-4BE4-8B8D-18F3D965EE7C", "versionEndExcluding": "16.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2257C4EE-4C6F-4EC2-A88D-6048FFE28EC2", "versionEndExcluding": "17.0.10", "versionStartIncluding": "17.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zultys:mx-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E12E140-C7D8-4875-9AF7-4EF1A77D9CF1", "vulnerable": false}], "negate": false, "operator": 
"OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCCC65F2-DAC8-4A47-A712-95D7E2579A3B", "versionEndExcluding": "16.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7657BBD9-09D8-4EEA-AC0B-5098C4369874", "versionEndExcluding": "17.0.10", "versionStartIncluding": "17.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zultys:mx-virtual:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B765CFE-8D05-430C-9725-6FBC8C9D1484", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D49E46A-4BA6-4563-9786-D2BC5E05F1CE", "versionEndExcluding": "16.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9572474-24A5-47C5-9A95-E8F4E0AB56C8", "versionEndExcluding": "17.0.10", "versionStartIncluding": "17.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zultys:mx250:-:*:*:*:*:*:*:*", "matchCriteriaId": "44FBBEC0-96AF-42D1-B27C-91E6F3E67F7D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF02FDBD-C0B9-4E6D-AEDD-3BB28D9EF059", "versionEndExcluding": "16.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EC94AF4-0D2B-4045-98DF-53E2014C139D", "versionEndExcluding": "17.0.10", "versionStartIncluding": "17.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zultys:mx30:-:*:*:*:*:*:*:*", "matchCriteriaId": "45765B6E-39CE-4CD2-A20C-7DB96FDDEBF0", "vulnerable": false}], "negate": false, "operator": "OR"}], 
"operator": "AND"}], "descriptions": [{"lang": "en", "value": "An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful."}, {"lang": "es", "value": "Una omisi\u00f3n de autenticaci\u00f3n en Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250 y MX30 con versiones de firmware anteriores a 17.0.10 parche 17161 y 16.04 parche 16109 permite a un atacante no autenticado obtener una sesi\u00f3n administrativa a trav\u00e9s de una falla del mecanismo de protecci\u00f3n en la funci\u00f3n de autenticaci\u00f3n. En funcionamiento normal, el cliente Windows Zultys MX Administrator se conecta al puerto 7505 e intenta la autenticaci\u00f3n, enviando el nombre de usuario y la contrase\u00f1a del administrador al servidor. Tras un error de autenticaci\u00f3n, el servidor env\u00eda un mensaje de error de inicio de sesi\u00f3n solicitando al cliente que se desconecte. 
Sin embargo, si el cliente ignora el mensaje de error e intenta continuar, el servidor no cierra la conexi\u00f3n a la fuerza y procesa todas las solicitudes posteriores del cliente como si la autenticaci\u00f3n hubiera sido exitosa."}], "id": "CVE-2023-43742", "lastModified": "2024-11-21T08:24:41.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-08T01:15:07.200", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}