CVE-2023-31240

High

8.3/10

Summary

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

References

Advisory Timeline

Published May 22, 2023

CVE-2023-31240

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS