{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5457", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2023-10-09T08:27:02.527Z", "datePublished": "2024-03-05T11:15:01.811Z", "dateUpdated": "2024-08-23T20:20:12.620Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "imx6 bundle", "vendor": "AiLux", "versions": [{"lessThan": "1.0.7-2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."}], "value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1269", "description": "CWE-1269 Product Released in Non-Release Configuration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-03-05T11:15:01.811Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.696Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "ailux", "product": "imx6_bundle", "cpes": ["cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.7-2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-23T20:20:08.350336Z", "id": "CVE-2023-5457", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T20:20:12.620Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.696Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5457", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-23T20:20:08.350336Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:*"], "vendor": "ailux", "product": "imx6_bundle", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.7-2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T20:20:00.854Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AiLux", "product": "imx6 bundle", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.7-2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.", "supportingMedia": [{"type": "text/html", "value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1269", "description": "CWE-1269 Product Released in Non-Release Configuration"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-03-05T11:15:01.811Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5457", "state": "PUBLISHED", "dateUpdated": "2024-08-23T20:20:12.620Z", "dateReserved": "2023-10-09T08:27:02.527Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2024-03-05T11:15:01.811Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ailux:imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AC8BA0D-1588-4072-8BEA-464B1E76AF80", "versionEndExcluding": "1.0.7-2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."}, {"lang": "es", "value": "Una vulnerabilidad CWE-1269 de \"Producto lanzado en configuraci\u00f3n sin lanzamiento\" en el framework web Django utilizado por la aplicaci\u00f3n web (debido al par\u00e1metro de configuraci\u00f3n \"depuraci\u00f3n\" establecido en \"Verdadero\") permite que un atacante remoto no autenticado acceda a informaci\u00f3n cr\u00edtica y tenga otros impactos no especificados a la confidencialidad, integridad y disponibilidad de la aplicaci\u00f3n. Este problema afecta: Paquete AiLux imx6 inferior a la versi\u00f3n imx6_1.0.7-2."}], "id": "CVE-2023-5457", "lastModified": "2025-04-09T20:34:52.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "prodsec@nozominetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-05T12:15:47.793", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1269"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}