CVE-2023-6724 - OpenCVE

Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Simgesel	Hearing Tracking System

Configuration 1 [-]

OR	cpe:2.3:a:simgesel:hearing_tracking_system::::::android::*
	cpe:2.3:a:simgesel:hearing_tracking_system::::::iphone_os::*

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-24-0099	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2024-02-09T12:27:51.562Z

Updated: 2024-02-09T12:28:08.844Z

Reserved: 2023-12-12T08:34:20.825Z

Link: CVE-2023-6724

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-02-09T13:15:41.570

Modified: 2024-02-15T18:44:49.107

Link: CVE-2023-6724

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6724", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-12-12T08:34:20.825Z", "datePublished": "2024-02-09T12:27:51.562Z", "dateUpdated": "2024-02-09T12:28:08.844Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hearing Tracking System", "vendor": "Software Engineering Consultancy Machine Equipment Limited Company", "versions": [{"lessThan": "for IOS 7.0, for Android Latest release 1.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Resul Melih MAC\u0130T"}], "datePublic": "2024-02-09T12:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.<p>This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.</p>"}], "value": "Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0.\n\n"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2024-02-09T12:28:08.844Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-24-0099"}], "source": {"advisory": "TR-24-0099", "defect": ["TR-24-0099"], "discovery": "UNKNOWN"}, "title": "IDOR in Simgesel Software's Hearing Tracking System (Barosel)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}