CVE-2023-7342
Published: 02 April 2026
Summary
CVE-2023-7342 is a high-severity Improper Privilege Management (CWE-269) vulnerability in a Belden product (vendor inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 17.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2023-7342 is a privilege escalation vulnerability in the HiSecOS web server, affecting versions 03.4.00 prior to 04.1.00. It enables authenticated users with operator or auditor roles to elevate their privileges to the administrator role by sending specially crafted packets to the web server. The flaw is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management).
An attacker with existing low-privilege access, such as operator or auditor credentials, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants full administrative access to the affected device, potentially allowing complete control over the system's configuration, data, and operations.
Advisories from Belden (BSECV-2021-07) and VulnCheck detail the issue and recommend upgrading to HiSecOS web server version 04.1.00 or later to mitigate the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-60544
Vulnerability details
HiSecOS web server versions 03.4.00 prior to 04.1.00 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can exploit this flaw to gain full administrative access to the affected device.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct exploitation of an improper privilege management flaw in an authenticated web session to escalate from the operator or auditor role to the administrator role.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly addresses this privilege escalation vulnerability by applying the vendor-recommended upgrade to HiSecOS web server version 04.1.00 or later.
Least privilege enforcement counters CWE-269 improper privilege management, preventing operator or auditor users from escalating to administrator via crafted packets.
Access enforcement ensures the web server authorizes actions based on roles, blocking unauthorized privilege escalation from specially crafted packets.