Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2023-5719

Published: Nov 06, 2023 | Modified: Nov 14, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2023-5719
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

Affected Software

Name Vendor Start Version End Version
Crimson Redlion * 3.2 (excluding)
Crimson Redlion 3.2-build_3.2.0008.0 (including) 3.2-build_3.2.0008.0 (including)
Crimson Redlion 3.2-build_3.2.0014.0 (including) 3.2-build_3.2.0014.0 (including)
Crimson Redlion 3.2-build_3.2.0015.0 (including) 3.2-build_3.2.0015.0 (including)
Crimson Redlion 3.2-build_3.2.0016.0 (including) 3.2-build_3.2.0016.0 (including)
Crimson Redlion 3.2-build_3.2.0020.0 (including) 3.2-build_3.2.0020.0 (including)
Crimson Redlion 3.2-build_3.2.0021.0 (including) 3.2-build_3.2.0021.0 (including)
Crimson Redlion 3.2-build_3.2.0025.0 (including) 3.2-build_3.2.0025.0 (including)
Crimson Redlion 3.2-build_3.2.0026.0 (including) 3.2-build_3.2.0026.0 (including)
Crimson Redlion 3.2-build_3.2.0030.0 (including) 3.2-build_3.2.0030.0 (including)
Crimson Redlion 3.2-build_3.2.0031.0 (including) 3.2-build_3.2.0031.0 (including)
Crimson Redlion 3.2-build_3.2.0035.0 (including) 3.2-build_3.2.0035.0 (including)
Crimson Redlion 3.2-build_3.2.0036.0 (including) 3.2-build_3.2.0036.0 (including)
Crimson Redlion 3.2-build_3.2.0040.0 (including) 3.2-build_3.2.0040.0 (including)
Crimson Redlion 3.2-build_3.2.0041.0 (including) 3.2-build_3.2.0041.0 (including)
Crimson Redlion 3.2-build_3.2.0044.0 (including) 3.2-build_3.2.0044.0 (including)
Crimson Redlion 3.2-build_3.2.0047.0 (including) 3.2-build_3.2.0047.0 (including)
Crimson Redlion 3.2-build_3.2.0050.0 (including) 3.2-build_3.2.0050.0 (including)
Crimson Redlion 3.2-build_3.2.0051.0 (including) 3.2-build_3.2.0051.0 (including)
Crimson Redlion 3.2-build_3.2.0053.0 (including) 3.2-build_3.2.0053.0 (including)
Crimson Redlion 3.2-build_3.2.0053.1 (including) 3.2-build_3.2.0053.1 (including)
Crimson Redlion 3.2-build_3.2.0053.18 (including) 3.2-build_3.2.0053.18 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use