admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2025/0xxx/CVE-2025-0674.json
CVE Team 9cd921e933
"-Synchronized-Data."
2025-02-07 00:00:36 +00:00

154 lines
6.5 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-0674",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Elber products are affected by an authentication bypass \nvulnerability which allows unauthorized access to the password \nmanagement functionality. Attackers can exploit this issue by \nmanipulating the endpoint to overwrite any user's password within the \nsystem. This grants them unauthorized administrative access to protected\n areas of the application, compromising the device's system security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elber",
"product": {
"product_data": [
{
"product_name": "Signum DVB-S/S2 IRD",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.999"
}
]
}
},
{
"product_name": "Cleber/3 Broadcast Multi-Purpose Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
},
{
"product_name": "Reble610 M/ODU XPIC IP-ASI-SDH",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.01"
}
]
}
},
{
"product_name": "ESE DVB-S/S2 Satellite Receiver",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.5.179"
}
]
}
},
{
"product_name": "Wayber Analog/Digital Audio STL",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "ICSA-25-035-03",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Elber does not plan to mitigate these vulnerabilities because this \nequipment is either end of life or almost end of life. Users of affected\n versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose\n Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite \nReceiver, and Wayber Analog/Digital Audio STL are invited to contact \nElber <a target=\"_blank\" rel=\"nofollow\" href=\"https://elber.it/en/elber-contacts.php\">customer support</a> for additional information.\n\n<br>"
}
],
"value": "Elber does not plan to mitigate these vulnerabilities because this \nequipment is either end of life or almost end of life. Users of affected\n versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose\n Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite \nReceiver, and Wayber Analog/Digital Audio STL are invited to contact \nElber customer support https://elber.it/en/elber-contacts.php for additional information."
}
],
"credits": [
{
"lang": "en",
"value": "Gjoko Krstic of Zero Science Lab reported these vulnerabilities to CISA."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink