CVE-2023-41920

Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices

CVSS 9.8 CRITICAL · EPSS 0.4% · CWE-305
Vexday Risk Score
28 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8 · EPSS 0.4% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
02 Jul 2024 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Kiloview · P1/P2
