CVE Vulnerabilities

CVE-2023-4804

Active Debug Code

Published: Nov 10, 2023 | Modified: Nov 21, 2024
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

Weakness

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

Affected Software

Name Vendor Start Version End Version
Quantum_hd_unity_compressor_firmware Johnsoncontrols 11.00 (including) 11.22 (excluding)
Quantum_hd_unity_compressor_firmware Johnsoncontrols 12.00 (including) 12.22 (excluding)

Potential Mitigations

References