Skip to main content

CVE-2023-33730

Description

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-33730
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

sahiloj

Privilege Escalation to access admin user account in eScan Management Console

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.8