CVE-2023-5935
Missing authentication for local web interface in Arc before v1.6.0
When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself.
A malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed.
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Nozomi Networks · Arc¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →