{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-43845", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-02-13T15:46:51.444Z", "datePublished": "2024-05-28T18:17:55.220Z", "dateReserved": "2023-09-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-28T18:17:55.534Z"}, "descriptions": [{"lang": "en", "value": "Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/setersora/pe6208"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-43845", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-30T18:53:14.621380Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:aten:pe6208:2.3.228:*:*:*:*:*:*:*"], "vendor": "aten", "product": "pe6208", "versions": [{"status": "affected", "version": "2.3.228"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:aten:pe6208:2.4.232:*:*:*:*:*:*:*"], "vendor": "aten", "product": "pe6208", "versions": [{"status": "affected", "version": "2.4.232"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:05.322Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.392Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/setersora/pe6208", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/setersora/pe6208", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.392Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-43845", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-30T18:53:14.621380Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:aten:pe6208:2.3.228:*:*:*:*:*:*:*"], "vendor": "aten", "product": "pe6208", "versions": [{"status": "affected", "version": "2.3.228"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:aten:pe6208:2.4.232:*:*:*:*:*:*:*"], "vendor": "aten", "product": "pe6208", "versions": [{"status": "affected", "version": "2.4.232"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-30T18:57:20.987Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/setersora/pe6208"}], "descriptions": [{"lang": "en", "value": "Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-28T18:17:55.534Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43845", "state": "PUBLISHED", "dateUpdated": "2025-02-13T15:46:51.444Z", "dateReserved": "2023-09-25T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-28T18:17:55.220Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDCBDF8A-295F-4E24-B7ED-C2D8C229B2D7", "versionEndExcluding": "2.4.239", "versionStartIncluding": "2.3.228", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D32AAB9-F426-4F0C-8705-04D0B89D52D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges."}, {"lang": "es", "value": "Aten PE6208 2.3.228 y 2.4.232 tienen credenciales predeterminadas para la cuenta telnet privilegiada. No se solicita al usuario que cambie las credenciales despu\u00e9s de iniciar sesi\u00f3n por primera vez. Si no se modifica, los atacantes pueden iniciar sesi\u00f3n en la consola telnet y obtener privilegios de administrador."}], "id": "CVE-2023-43845", "lastModified": "2025-05-30T16:25:14.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-28T19:15:09.403", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/setersora/pe6208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/setersora/pe6208"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}