Advantech R-SeeNet 2.4.22 Hidden Root-User Enables Priv Escalation
CVE-2023-2611 Published on June 22, 2023
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Vulnerability Analysis
CVE-2023-2611 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Products Associated with CVE-2023-2611
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-2611 are published in Advantech R Seenet:
Affected Versions
Advantech R-SeeNet:- Before and including 2.4.22 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.