Authentication Bypass by Primary Weakness

CVE-2023-41920

High

9.8/10

Summary

The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References

Advisory Timeline

Published Jul 02, 2024

Authentication Bypass by Primary Weakness

CVE-2023-41920

Summary

CWE-305 - Authentication Bypass by Primary Weakness

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS