Vulnerabilities > CVE-2023-41356 - Authorization Bypass Through User-Controlled Key vulnerability in Wisdomgarden Tronclass Ilearn 1.62.41849

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wisdomgarden

CWE-639

NVD

Published: 2023-11-03

Updated: 2023-11-14

Summary

NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.

Vulnerable Configurations

Part	Description	Count
Application	Wisdomgarden Wisdomgarden Tronclass Ilearn 1.62.41849	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html