Vulnerabilities > CVE-2023-36497 - Authentication Bypass by Primary Weakness vulnerability in Doverfuelingsolutions Maglink LX web Console Configuration

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

doverfuelingsolutions

CWE-305

NVD

Published: 2023-09-11

Updated: 2024-10-24

Summary

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges.

Vulnerable Configurations

Part	Description	Count
Application	Doverfuelingsolutions Doverfuelingsolutions Maglink LX WEB Console Configuration 2.5.1 Doverfuelingsolutions Maglink LX WEB Console Configuration 2.5.2 Doverfuelingsolutions Maglink LX WEB Console Configuration 2.5.3 Doverfuelingsolutions Maglink LX WEB Console Configuration 2.6.1 Doverfuelingsolutions Maglink LX WEB Console Configuration 2.11 Doverfuelingsolutions Maglink LX WEB Console Configuration 3.0 Doverfuelingsolutions Maglink LX WEB Console Configuration 3.2 Doverfuelingsolutions Maglink LX WEB Console Configuration 3.3	8
Hardware	Doverfuelingsolutions Doverfuelingsolutions Maglink LX 3 -	1

Common Weakness Enumeration (CWE)

CWE-305 - Authentication Bypass by Primary Weakness

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01