Cyber Resilience

CVE-2023-2799

Medium

Published: 18 May 2023

Published
18 May 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0029 52.8th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-2799 is a medium-severity Use of Hard-coded Password (CWE-259) vulnerability in Cnoa Oa Project Cnoa Oa. Its CVSS base score is 6.3 (Medium).

Operationally, ranked in the top 47.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been…

more

disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cnoa oa project
cnoa oa
≤ 5.1.1.5

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-259

Changing default authenticators prior to first use directly prevents use of hard-coded passwords.

addresses: CWE-259

Shared threat data frequently highlights products or deployments still using hard-coded passwords, enabling remediation that directly blocks credential-based attacks.

addresses: CWE-259

Background checks and authorization requirements decrease the probability that a developer will hard-code passwords for later unauthorized access.

addresses: CWE-259

Reviews of supplier deliverables reduce the chance that hard-coded passwords are introduced into the system.

References