OpenCVE

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Peplink	Balance Two Balance Two Firmware

Configuration 1 [-]

AND

cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4
https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-28T00:00:00

Updated: 2024-08-02T21:53:44.725Z

Reserved: 2023-11-24T00:00:00

Link: CVE-2023-49229

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-28T04:15:08.100

Modified: 2024-11-21T08:33:04.143

Link: CVE-2023-49229

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840", "versionEndExcluding": "8.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*", "matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. Una verificaci\u00f3n de autorizaci\u00f3n faltante en el servicio web de administraci\u00f3n permite a los usuarios sin privilegios y de solo lectura obtener informaci\u00f3n confidencial sobre la configuraci\u00f3n del dispositivo."}], "id": "CVE-2023-49229", "lastModified": "2024-11-21T08:33:04.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-28T04:15:08.100", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}