CVE-2023-33730
Description
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-33730
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
sahiloj
Privilege Escalation to access admin user account in eScan Management Console
Refrence: GitHub