SMC: Unauthorized modification of Admin password
Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
---|---|---|---|---|
STORM-2023-030 | CVE-2023-44455 | 09/14/2023 | high | v1 |
Vulnerability details
A vulnerability has been identified that allows unauthorized modification of the admin account password.
Impacted products
Products | Severity | Detail |
---|---|---|
Stormshield Management Center | high | SMC is impacted |
Revisions
Version | Date | Description |
---|---|---|
v1 | 09/15/2023 | Initial release |
v2 | 10/16/2023 | Public release |
Stormshield Management Center
CVSS v3.1 Overall Score: 7.9
Analysis | Impacted version |
---|---|
A vulnerability has been discovered that allows unauthorized modification of the admin account password. The risk associated with this vulnerability is mitigated if the deployment recommendations for SMC, as described in the installation guide, have been respected. | |
Workaround solution | Solution |
---|---|
There is no workaround solution. | |
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
---|---|---|---|---|---|---|---|
Adjacent Network | Low | None | None | Unchanged | High | High | High |
CVSS Base score: 8.8 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) |
Exploit Code Maturity | Remediation Level | Report Confidence |
---|---|---|
Proof of concept code | Official fix | Confirmed |
CVSS Temporal score: 7.9 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C) |
Confidentiality Requirement | Integrity Requirement | Availability Requirement |
---|---|---|
High | High | High |
CVSS Environmental score: 7.9 | CVSS Vector: (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |