{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0506","assignerOrgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","state":"PUBLISHED","assignerShortName":"INCIBE","dateReserved":"2023-01-25T10:12:33.756Z","datePublished":"2023-10-03T13:12:51.965Z","dateUpdated":"2024-09-19T20:15:43.067Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Airspace CCTV Web Service","vendor":"ByDemes Group","versions":[{"status":"affected","version":"2.616.BY00.11"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Camilo Andrés Bruna"}],"datePublic":"2023-06-28T10:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access."}],"value":"The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284: Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"0cbda920-cd7f-484a-8e76-bf7f4b7f4516","shortName":"INCIBE","dateUpdated":"2023-10-03T13:12:51.965Z"},"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-demes-group-products"},{"url":"https://github.com/zerolynx/wstg/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The reported vulnerability has already been fixed by the By Demes Group security team. Affected users are advised to upgrade to the latest version available. By Demes Group reminds that the affected devices are at end of life and are no longer supported, so it is recommended to upgrade to a newer model."}],"value":"The reported vulnerability has already been fixed by the By Demes Group security team. Affected users are advised to upgrade to the latest version available. By Demes Group reminds that the affected devices are at end of life and are no longer supported, so it is recommended to upgrade to a newer model."}],"source":{"discovery":"UNKNOWN"},"title":"ByDemes Group Airspace CCTV Web Service Improper Access Control","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:17:49.033Z"},"title":"CVE Program Container","references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-demes-group-products","tags":["x_transferred"]},{"url":"https://github.com/zerolynx/wstg/blob/master/document/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.md","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-19T20:15:31.046541Z","id":"CVE-2023-0506","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-19T20:15:43.067Z"}}]}}