CVE-2023-53908Improper Privilege Management in Hisecos

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.7HIGHNVD
EPSS
0.0%
top 99.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Belden Hisecos
Timeline
PublishedDec 17
Latest updateDec 18

Description

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5belden/hisecos04.0.01

🔴Vulnerability Details

2
GHSA
GHSA-px84-m7h4-295j: HiSecOS 042025-12-18
CVEList
HiSecOS 04.0.01 Privilege Escalation via User Role Modification2025-12-17
CVE-2023-53908 — Improper Privilege Management | cvebase