ByteOS Network

Vulnerability Details :

CVE-2023-2885

Assigner Org ID-ca940d4e-fea4-4aa2-9a58-591a58b1ce21

Published At-25 May, 2023 | 08:28

Updated At-15 Jan, 2025 | 21:00

Channel Accessible by Non-Endpoint in CBOT's Chatbot

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:TR-CERT

Assigner Org ID:ca940d4e-fea4-4aa2-9a58-591a58b1ce21

Published At:25 May, 2023 | 08:28

Updated At:15 Jan, 2025 | 21:00

▼CVE Numbering Authority (CNA)

Channel Accessible by Non-Endpoint in CBOT's Chatbot

Affected Products

Vendor

CBOT

Product

Chatbot

Default Status

unaffected

Versions

Affected

From 0 before Core: v4.0.3.4 Panel: v4.0.3.7 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-924	CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Type: CWE

CWE ID: CWE-924

Description: CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Metrics

Version	Base score	Base severity	Vector
3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impacts

CAPEC ID	Description
CAPEC-94	CAPEC-94 Adversary in the Middle (AiTM)

CAPEC ID: CAPEC-94

Description: CAPEC-94 Adversary in the Middle (AiTM)

Solutions

Update the Core to >= v4.0.3.4 and the Panel to >= v4.0.3.7 .

Credits

finder

Koray Seyfullah DANISMA

References

Hyperlink	Resource
https://www.usom.gov.tr/bildirim/tr-23-0293	government-resource

Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0293

Resource:

government-resource

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.usom.gov.tr/bildirim/tr-23-0293	government-resource x_transferred

Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0293

Resource:

government-resource

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:iletisim@usom.gov.tr

Published At:25 May, 2023 | 09:15

Updated At:05 Aug, 2023 | 16:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

CBOT

>>cbot_core>>Versions before 4.0.3.4(exclusive)

cpe:2.3:a:cbot:cbot_core:*:*:*:*:*:*:*:*

CBOT

>>cbot_panel>>Versions before 4.0.3.7(exclusive)

cpe:2.3:a:cbot:cbot_panel:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-924	Primary	iletisim@usom.gov.tr
CWE-924	Secondary	nvd@nist.gov

CWE ID: CWE-924

Type: Primary

Source: iletisim@usom.gov.tr

CWE ID: CWE-924

Type: Secondary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.usom.gov.tr/bildirim/tr-23-0293	iletisim@usom.gov.tr	Third Party Advisory

Hyperlink: https://www.usom.gov.tr/bildirim/tr-23-0293

Source: iletisim@usom.gov.tr

Resource:

Third Party Advisory

Similar CVEs

2Records found

CVE-2021-41034

Matching Score-4

Assigner-Eclipse Foundation

View Details

Matching Score-4

Assigner-Eclipse Foundation

CVSS Score-8.1||HIGH

EPSS-0.20% / 42.73%

7 Day CHG~0.00%

Published-29 Sep, 2021 | 21:35

Updated-04 Aug, 2024 | 02:59

The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable to MITM attacks that allow the replacement of the original binaries with arbitrary ones. The stacks involved are Java 8 (alpine and centos), Android and PHP. The vulnerability is not exploitable at runtime but only when building Che.

Vendor-Eclipse Foundation AISBL

Product-che Eclipse Che

CWE ID-CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVE-2023-6408

Matching Score-4

Assigner-Schneider Electric

View Details

Matching Score-4

Assigner-Schneider Electric

CVSS Score-8.1||HIGH

EPSS-0.16% / 37.08%

7 Day CHG~0.00%

Published-14 Feb, 2024 | 16:52

Updated-23 Jan, 2025 | 19:39

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack.

Vendor-Schneider Electric SE

CWE ID-CWE-924

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVE-2023-2885

Credits

Channel Accessible by Non-Endpoint in CBOT's Chatbot

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs