Advisory ID: BT24-03
CVSSv3 Score: 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: High
Issue Date: 2024-04-23
Updated On: 2024-04-23
CVE(s): CVE-2024-4018
Synopsis:
U-Series Appliance - Privilege Escalation via Local Appliance API
Impacted Product:
U-Series Appliance
Summary
Prior to version 4.0.3, an unprivileged user can use the local appliance API to create an account with administrator privileges or change the password of the btadmin account.
Affected Versions
| Product | Version |
|---|---|
| U-Series Appliance | Prior to 4.0.3 |
Fixed Versions
| Product | Version |
|---|---|
| U-Series Appliance | 4.0.3 |
