HIGH🇬🇧 English

CVE-2023-5719

CVSS 8.8v3.1pub. 2023-11-06upd. 2024-11-21

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Redlion Crimson

    APP
    Redlion
    3.2< 3.2
  • Redlion Da50a

    HW
    Redlion
    wszystkie wersje
  • Redlion Da70a

    HW
    Redlion
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-27285CRITICAL9.1ten sam produkt

The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able to read a...

CVE-2022-3090HIGH7.5ten sam produkt

Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson...

CVE-2020-27279HIGH7.5ten sam produkt

A NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a...

CVE-2019-10996HIGH7.8ten sam produkt

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vuln...

CVE-2019-10978HIGH7.8ten sam produkt

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vuln...