CVE-2023-21297

MEDIUM Year: 2023
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2020-8685

MEDIUM
CVSS:4.4(Medium)

Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allow privileged user to potentially enable denial of service via local access.

CWE-2872020

CVE-2021-33083

MEDIUM
CVSS:4.4(Medium)

Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable informati...

CWE-2872021

CVE-2023-21460

MEDIUM
CVSS:4.4(Medium)

Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.

CWE-2872023

CVE-2024-45042

MEDIUM
CVSS:4.4(Medium)

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assum...

CWE-2872024

CVE-2016-10835

MEDIUM
CVSS:4.3(Medium)

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

CWE-2872016

CVE-2016-4863

MEDIUM
CVSS:4.3(Medium)

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series ...

CWE-2872016