ID

VAR-202302-1811


CVE

CVE-2023-26462


TITLE

ThingsBoard, Inc. of ThingsBoard Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2023-004494

DESCRIPTION

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.) ThingsBoard, from ThingsBoard, Inc., contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ThingsBoard is a Java-based platform from the ThingsBoard team for IoT device monitoring, management, and data collection. There is a security vulnerability in ThingsBoard 3.4.1. Attackers can use this vulnerability to elevate their privileges.

Trust: 2.25

sources: NVD: CVE-2023-26462 // JVNDB: JVNDB-2023-004494 // CNNVD: CNNVD-202302-1903 // VULMON: CVE-2023-26462

AFFECTED PRODUCTS

vendor: thingsboard, model: thingsboard, scope: eq, version: 3.4.1

Trust: 1.8

vendor: thingsboard, model: thingsboard, scope: eq, version: -

Trust: 0.8

vendor: thingsboard, model: thingsboard, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004494 // NVD: CVE-2023-26462

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-26462
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202302-1903
value: CRITICAL

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-26462
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004494 // NVD: CVE-2023-26462 // CNNVD: CNNVD-202302-1903

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.0

problemtype: Use of hard-coded credentials (CWE-798) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004494 // NVD: CVE-2023-26462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1903

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1903

CONFIGURATIONS

sources: NVD: CVE-2023-26462

PATCH

title: ThingsBoard repair measures for trust management problem vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=227616

Trust: 0.6

sources: CNNVD: CNNVD-202302-1903

EXTERNAL IDS

db: NVD, id: CVE-2023-26462

Trust: 3.3

db: JVNDB, id: JVNDB-2023-004494

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1903

Trust: 0.6

db: VULMON, id: CVE-2023-26462

Trust: 0.1

sources: VULMON: CVE-2023-26462 // JVNDB: JVNDB-2023-004494 // NVD: CVE-2023-26462 // CNNVD: CNNVD-202302-1903

REFERENCES

url:https://thingsboard.io/docs/reference/releases/

Trust: 2.5

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/238544

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-26462

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-26462/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-26462 // JVNDB: JVNDB-2023-004494 // NVD: CVE-2023-26462 // CNNVD: CNNVD-202302-1903

SOURCES

db: VULMON, id: CVE-2023-26462
db: JVNDB, id: JVNDB-2023-004494
db: NVD, id: CVE-2023-26462
db: CNNVD, id: CNNVD-202302-1903

LAST UPDATE DATE

2023-12-18T12:54:30.332000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-26462, date: 2023-02-23T00:00:00
db: JVNDB, id: JVNDB-2023-004494, date: 2023-10-31T01:18:00
db: NVD, id: CVE-2023-26462, date: 2023-08-29T20:18:02.617
db: CNNVD, id: CNNVD-202302-1903, date: 2023-03-06T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-26462, date: 2023-02-23T00:00:00
db: JVNDB, id: JVNDB-2023-004494, date: 2023-10-31T00:00:00
db: NVD, id: CVE-2023-26462, date: 2023-02-23T06:15:10.340
db: CNNVD, id: CNNVD-202302-1903, date: 2023-02-23T00:00:00