CVE-2023-5935
CVSS V2 None
CVSS V3 None
Description
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself.
A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed.
Overview
- CVE ID
- CVE-2023-5935
- Assigner
- Nozomi
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-15T16:02:34.507Z
- Last Modified Date
- 2024-06-06T13:02:24.659Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://security.nozominetworks.com/NN-2023:13-01 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-5935 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5935 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 05:43:21 | Added to TrackCVE |