cve/2023/CVE-2023-36483.md


2024-05-28 08:49:17 +00:00
### [CVE-2023-36483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36483)
![](https://img.shields.io/static/v1?label=Product&message=MAS%20ASP.Net%20Services&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=MASmobile%20Classic&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1%3C%3D%201.16.18%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=1%3C%3D%201.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)
### Description
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier, which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/NaInSec/CVE-LIST
- https://github.com/fkie-cad/nvd-json-data-feeds