A CWE-552 "Files or Directories Accessible to External Parties" in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.
References
Link | Resource |
---|---|
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-2538/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Nozomi
Published: 2023-07-05T12:11:53.397Z
Updated: 2023-07-05T12:11:53.397Z
Reserved: 2023-05-05T07:00:43.400Z
Link: CVE-2023-2538
NVD Information
Status: Analyzed
Published: 2023-07-05T13:15:09.540
Modified: 2023-07-12T14:25:30.003
Link: CVE-2023-2538
Redhat Information
No data.
CWE