CVE-2023-6263

An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440.It was possible to add a fake VMS server to NxCloud by using the exactidentification of a legitimate VMS server. As result, it was possible toretrieve authorization headers from legitimate users when thelegitimate client connects to the fake VMS server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
NXCNA
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
networkoptixnxcloud
𝑥
< 23.1.0.40440
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing
https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing