CVE-2023-26150
CVE-2023-26150
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.5EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
03 out 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.
**Note:**
This issue is a result of missing checks for services that require an active session.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P
Produtos afetados
n/a · asyncuaReferências
https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844ahttps://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513https://github.com/FreeOpcUa/opcua-asyncio/issues/1014https://github.com/FreeOpcUa/opcua-asyncio/pull/1015https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435