{ "id": "CVE-2023-33684", "sourceIdentifier": "cve@mitre.org", "published": "2023-06-06T20:15:14.217", "lastModified": "2023-06-16T16:28:40.277", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.1, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:dbbroadcast:spa_sft_dab_600\\/c_bios:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7B20C43-44AE-4AC7-BD84-D1B4867FE739" }, { "vulnerable": true, "criteria": "cpe:2.3:o:dbbroadcast:spa_sft_dab_600\\/c_firmware:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "30294753-DFC1-4151-ADAF-70FF9A5EE594" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:dbbroadcast:spa_sft_dab_600\\/c:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FCB434E-9CA7-43C7-9B43-71E4CB0A6712" } ] } ] } ], "references": [ { "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5771.php", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] } ] }