Advisory ID: BT24-03

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied

  • CVSSv3 Score: 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

  • Severity: High

  • Issue Date: 2024-04-23
  • Updated On: 2024-04-23
  • CVE(s): CVE-2024-4018

Synopsis:

U-Series Appliance - Privilege Escalation via Local Appliance API

Impacted Product:

U-Series Appliance

Summary

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied

Prior to version 4.0.3, an unprivileged user can use the local appliance API to create an account with administrator privileges or change the password of the btadmin account.

Affected Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
U-Series Appliance Prior to 4.0.3

Fixed Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
U-Series Appliance 4.0.3

References

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
  1. https://www.cve.org/cverecord?id=CVE-2024-4018
Prefers reduced motion setting detected. Animations will now be reduced as a result.