CVE-2023-44318

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-321
View all →

Vulnerability Description

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file.

Related Vulnerabilities

CVE-2023-39482

MEDIUM
CVSS:4.9(Medium)

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installatio...

CWE-3212023

CVE-2017-9649

MEDIUM
CVSS:5.0(Medium)

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/...

CWE-3212017

CVE-2023-6482

MEDIUM
CVSS:5.2(Medium)

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerp...

CWE-3212023

CVE-2017-14014

MEDIUM
CVSS:4.6(Medium)

Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/A...

CWE-3212017

CVE-2018-10896

MEDIUM
CVSS:4.6(Medium)

The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances ...

CWE-3212018

CVE-2020-25193

MEDIUM
CVSS:5.3(Medium)

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encryp...

CWE-3212020