Uc 500E Firmware
CVE-2023-50706
MEDIUM
Severity by source
AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens.
AnalysisAI
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. Affected products include: Efacec Uc 500E Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Uc 500E Firmware
View allAn attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and c
An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gai
An attacker could create malicious requests to obtain sensitive information about the web server. Rated medium severity
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today