cve/2023/CVE-2023-5719.md


2024-08-06 19:19:10 +00:00
### [CVE-2023-5719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5719)
![](https://img.shields.io/static/v1?label=Product&message=Crimson&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20v3.2.0053.18%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-158%20Improper%20Neutralization%20of%20Null%20Byte%20or%20NUL%20Character&color=brighgreen)
### Description
The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.
### POC
#### Reference
- https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories
#### Github
No PoCs found on GitHub currently.