CVE-2023-0035
published 2023-01-09CVE-2023-0035: softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA…
PriorityP344high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.18%
8.1th percentile
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos_os | — | — |
| openatom | openharmony | 3.0 – 3.0.5 | — |
| openharmony | openharmony | 3.0 – 3.0.5 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4jfc-52v4-6x58: softbus_client_stub in communication subsystem within OpenHarmony-v3
ghsa_unreviewed·2023-01-09
CVE-2023-0035 [HIGH] CWE-287 GHSA-4jfc-52v4-6x58: softbus_client_stub in communication subsystem within OpenHarmony-v3
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
Juniper
CVE-2023-28972: An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to b
vendor_juniper·2023-04-17·CVSS 6.8
CVE-2023-28972 [MEDIUM] CWE-59 CVE-2023-28972: An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to b
CVE-2023-28972: An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-password" on NFX Series systems, leading to a possible administrative bypass with physical access to the console. Password recovery, changing the root password from a console, should not have been allowed from an insecure console. This is similar to the vulnerability described in CVE-2019-0035 but affects different platforms and in turn requires a different fix. This issue affects Juniper Networks Junos O
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-09
Published