CVE-2023-23370

MEDIUM Year: 2023
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later

Related Vulnerabilities

CVE-2017-12127

MEDIUM
CVSS:4.4(Medium)

A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.

CWE-5222017

CVE-2019-0120

MEDIUM
CVSS:4.4(Medium)

Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Processor J Series, Intel(R) Pentium(R) Processor N Series, Intel(R) Celeron(R) J Series, Intel(R) Celer...

CWE-5222019

CVE-2019-0175

MEDIUM
CVSS:4.4(Medium)

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

CWE-5222019

CVE-2019-0179

MEDIUM
CVSS:4.4(Medium)

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

CWE-5222019

CVE-2019-0180

MEDIUM
CVSS:4.4(Medium)

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

CWE-5222019

CVE-2019-11092

MEDIUM
CVSS:4.4(Medium)

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

CWE-5222019