CVE-2023-3050
9.8 CRITICALReliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse...
Published: 2023-06-13 · Last updated: 2024-11-21
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-565, CWE-784
Affected products
| Vendor | Product |
|---|---|
| tmtmakine | lockcell_firmware |
Description
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2023-3050
- [Exploit reference]https://fordefence.com/cve-2023-3050-reliance-on-cookies-without-validation-and-integrity-checking-in-a-security-decision-vulnerability-in-tmt-lockcell-allows-privilege-abuse-authentication-bypass/
- [Other]https://www.usom.gov.tr/bildirim/tr-23-0345
- [Exploit reference]https://fordefence.com/cve-2023-3050-reliance-on-cookies-without-validation-and-integrity-checking-in-a-security-decision-vulnerability-in-tmt-lockcell-allows-privilege-abuse-authentication-bypass/
- [Other]https://www.usom.gov.tr/bildirim/tr-23-0345
Related CVEs
Same vendor
- CVE-2023-3049 — Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: befor... (9.8 CRITICAL)
- CVE-2023-3048 — Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This is... (9.8 CRITICAL)
- CVE-2023-3047 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.T... (9.8 CRITICAL)
Same CWE
- CVE-2026-8337 — Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys (5.3 MEDIUM)
- CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)
- CVE-2024-0947 — Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Fal... (9.8 CRITICAL)