How severe is CVE-2023-35719?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-35719?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2023-35719 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009.

Related Vulnerabilities

CVE-2019-16398

MEDIUM

CVSS:6.8(Medium)

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.

CWE-3452019

CVE-2020-24395

MEDIUM

CVSS:6.8(Medium)

The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validatio...

CWE-3452020

CVE-2020-3220

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, ...

CWE-3452020

CVE-2021-33887

MEDIUM

CVSS:6.8(Medium)

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootload...

CWE-3452021

CVE-2021-44850

MEDIUM

CVSS:6.8(Medium)

On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated ...

CWE-3452021

CVE-2024-23922

MEDIUM

CVSS:6.8(Medium)

Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations ...

CWE-3452024