How severe is CVE-2023-39482?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2023-39482?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2023-39482

MEDIUM Year: 2023

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-321

View all →

Vulnerability Description

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within libopcuaclient.so. The issue results from hardcoding crytographic keys within the product. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-20610.

CVE-2023-44318

MEDIUM

CVSS:4.9(Medium)

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges o...

CWE-3212023

CVE-2017-9649

MEDIUM

CVSS:5.0(Medium)

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/...

CWE-3212017

CVE-2023-6482

MEDIUM

CVSS:5.2(Medium)

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerp...

CWE-3212023

CVE-2017-14014

MEDIUM

CVSS:4.6(Medium)

Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/A...

CWE-3212017

CVE-2018-10896

MEDIUM

CVSS:4.6(Medium)

The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances ...

CWE-3212018

CVE-2020-25193

MEDIUM

CVSS:5.3(Medium)

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encryp...

CWE-3212020

CVE-2023-39482

Vulnerability Description

Related Vulnerabilities

CVE-2023-44318

CVE-2017-9649

CVE-2023-6482

CVE-2017-14014

CVE-2018-10896

CVE-2020-25193