Strix
26.1K

CVE-2023-42419

LOWCVSS 3.8/10EPSS 0.14%

Last modified

CVE-2023-42419 is a low-severity vulnerability rated 3.8/10 on the CVSS scale. Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the server. The issue was resolved in version 2.28. Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected. . EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the server. The issue was resolved in version 2.28. Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected.

Metrics

CVSS 3.1
3.8/10

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

EPSS Probability
0.14%

3.6th percentile

Probability of exploitation in the next 30 days. Learn more

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2023-42419?
Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key. An attacker with administrative privileges & access to the air-gapped server could potentially use this key to run commands on the server. The issue was resolved in version 2.28. Earlier versions, including all Cybellum 1.x versions, and distributions for the rest of the world remain unaffected.
How severe is CVE-2023-42419?
CVE-2023-42419 has a CVSS score of 3.8/10 (LOW severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.
How do I fix CVE-2023-42419?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-42419?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST