Cyber Posture

CVE-2023-42231

Severity: High

Published: 13 January 2025
Modified: 17 April 2025
KEV Added: (no date listed)
Patch: (no link listed)
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0015 (34.7th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.

Security Summary

CVE-2023-42231 is an Incorrect Access Control vulnerability in Pat Infinite Solutions HelpdeskAdvanced, affecting versions up to and including 11.0.33; the assigned weakness is CWE-281. The "WSCView/Delete" function does not verify that the caller is authorized to delete the targeted account, so an authenticated low-privileged user can delete administrator accounts simply by sending a request to that function. The CVSS v3.1 base score is 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H): the function is reachable over the network, the attack needs no special conditions and no user interaction, only a low-privileged account is required, and the impact is high on integrity and availability while confidentiality is unaffected.

In practice, any attacker holding valid credentials for a low-privileged account can exploit the flaw remotely with a request to the "WSCView/Delete" endpoint, and nothing stops the request from being repeated against each administrator account. Deleting those accounts locks legitimate administrators out of the application, denying administrative functions and removing the people who enforce its access controls. Note that the vulnerability does not by itself grant the attacker administrator rights or expose data; the damage is loss of administrative access and the disruption that follows from it.
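As an added illustration of the authorization gap described above (example code written for this page, not HelpdeskAdvanced's own code): a minimal user-deletion handler in Python with the flaw, beside a hardened version. The in-memory store, the role names and their ranking, the server-side session object and the "id" request parameter are all assumptions; the real request format of WSCView/Delete is not published in the CVE. The hardened rule generalizes the fix slightly: it checks not only that the caller's role may manage accounts but also that the caller outranks or equals the target, so a lower role can never remove an administrator.

```python
"""Added example, not HelpdeskAdvanced code: a user-deletion handler with the
authorization gap CVE-2023-42231 describes, beside a hardened version.

Everything here is an assumption for illustration: the in-memory user store,
the role names and their ranking, the "id" request parameter and the
server-side session object. The real WSCView/Delete request format is not
documented in the CVE.
"""
from dataclasses import dataclass, field

# Assumed privilege ranking: a caller may only act on accounts it outranks
# or equals. Only these roles are assumed to manage accounts at all.
ROLE_RANK = {"user": 1, "operator": 2, "admin": 3}
ACCOUNT_MANAGERS = {"operator", "admin"}


@dataclass
class User:
    id: int
    name: str
    role: str


@dataclass
class Session:
    """Server-side session: user_id is set at login, never read from the request."""
    user_id: int


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)

    def get(self, uid):
        return self.users.get(uid)

    def delete(self, uid):
        del self.users[uid]


def make_store():
    """Constructed sample directory: two admins, one operator, one ordinary user."""
    store = UserStore()
    for u in (User(1, "alice", "admin"), User(2, "bob", "admin"),
              User(3, "mallory", "user"), User(4, "oscar", "operator")):
        store.users[u.id] = u
    return store


def wscview_delete_vulnerable(store, session, params):
    """Flawed handler: it confirms the caller is logged in (authentication) but
    never asks whether this caller may delete this target (authorization), so
    any account can remove an admin by naming its id."""
    caller = store.get(session.user_id) if session else None
    if caller is None:
        return 401, "not authenticated"
    target = store.get(int(params["id"]))
    if target is None:
        return 404, "no such user"
    store.delete(target.id)
    return 200, f"deleted {target.name}"


class Forbidden(Exception):
    pass


def authorize_delete(caller, target):
    """The authorization rule the vulnerable handler lacks, evaluated on the
    server against the server's own records for caller and target: the
    caller's role must be allowed to manage accounts, the caller must outrank
    or equal the target (a low-privileged role can never delete an admin),
    and an account may not delete itself."""
    if caller.role not in ACCOUNT_MANAGERS:
        raise Forbidden(f"role '{caller.role}' cannot delete accounts")
    if ROLE_RANK[caller.role] < ROLE_RANK[target.role]:
        raise Forbidden(f"role '{caller.role}' cannot delete a '{target.role}'")
    if caller.id == target.id:
        raise Forbidden("an account cannot delete itself")


def wscview_delete_hardened(store, session, params):
    """Hardened handler: validates input, resolves caller and target from the
    store, then applies authorize_delete before touching the store."""
    caller = store.get(session.user_id) if session else None
    if caller is None:
        return 401, "not authenticated"
    try:
        target_id = int(params.get("id", ""))
    except ValueError:
        return 400, "invalid id"
    target = store.get(target_id)
    if target is None:
        return 404, "no such user"
    try:
        authorize_delete(caller, target)
    except Forbidden as exc:
        # A refused call from a low-privileged account is itself worth logging.
        return 403, str(exc)
    store.delete(target.id)
    return 200, f"deleted {target.name}"


if __name__ == "__main__":
    store = make_store()
    print(wscview_delete_vulnerable(store, Session(3), {"id": "1"}))  # mallory removes alice
    store = make_store()
    print(wscview_delete_hardened(store, Session(3), {"id": "1"}))  # refused with 403
```

The point of the hardened version is where the decision is made: both the caller and the target are looked up from server-side state, and the rule runs inside the endpoint itself rather than relying on the client never rendering a delete button for low-privileged users.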

The only reference listed for this CVE is https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md. The CVE information gives no patch or mitigation details; the affected range stops at 11.0.33, so administrators should confirm with the vendor which release corrects the missing authorization check. Until a fixed version is deployed, two compensating controls follow directly from the flaw: restrict access to the "WSCView/Delete" function to administrator accounts at the web server or reverse proxy where the deployment allows it, and alert on any request to that function from a non-administrator account, since legitimate low-privileged users have no reason to call it.
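As an added example of the monitoring control just mentioned (written for this page, not part of the CVE record or the product): a small Python hunt over web-server access logs that flags every call to the WSCView/Delete function from an account that is not an administrator. The log line layout, the /HDAPortal path prefix, the user names and the role directory are constructed for the example; the regex must be adapted to the real log format before use.

```python
"""Added example, not HelpdeskAdvanced code: hunt web-server access logs for
calls to the WSCView/Delete function made by accounts that are not
administrators. The log line layout, the /HDAPortal path prefix, the user
names and the role directory are constructed assumptions; adapt the regex
to the real log before use.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed export of the application's user directory: user name -> role.
ROLES = {"alice": "admin", "bob": "admin", "mallory": "user", "oscar": "operator"}

# Constructed log: time, client, authenticated user ('-' if none), method, target, status.
SAMPLE_LOG = """\
2025-01-13T10:02:11Z 203.0.113.5 mallory GET /HDAPortal/WSCView/Index 200
2025-01-13T10:02:19Z 203.0.113.5 mallory POST /HDAPortal/WSCView/Delete?id=1 200
2025-01-13T10:02:25Z 203.0.113.5 mallory POST /HDAPortal/wscview%2Fdelete?id=2 200
2025-01-13T10:05:40Z 198.51.100.7 alice POST /HDAPortal/WSCView/Delete?id=3 200
2025-01-13T10:07:02Z 192.0.2.9 - POST /HDAPortal/WSCView/Delete?id=1 302
2025-01-13T10:09:15Z 203.0.113.5 oscar POST /HDAPortal/WSCView/Delete?id=1 403
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<user>\S+) (?P<method>[A-Z]+) "
    r"(?P<target>\S+) (?P<status>\d{3})$"
)


def is_delete_call(target):
    """True if the request path names the delete function. The path is
    percent-decoded and case-folded first so that 'wscview%2Fdelete' or
    mixed-case spellings do not slip past the match."""
    path = unquote(urlsplit(target).path)
    return "wscview/delete" in path.lower()


def hunt(log_text, roles):
    """Return one finding per delete call from a non-admin or unknown caller.
    A 2xx status means the deletion went through (high); any other status is
    still an attempt worth reviewing (medium)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_delete_call(m["target"]):
            continue
        role = roles.get(m["user"])  # None for '-' or accounts not in the directory
        if role == "admin":
            continue  # administrators are the only expected callers
        status = int(m["status"])
        query = parse_qs(urlsplit(m["target"]).query)
        findings.append({
            "time": m["ts"],
            "client": m["client"],
            "user": m["user"],
            "role": role or "unknown",
            "target_id": query.get("id", [None])[0],
            "severity": "high" if 200 <= status < 300 else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG, ROLES):
        print(finding)
```

Two caveats when applying this to a real deployment: the web server's authenticated-user field is often '-' when the application manages its own sessions, in which case the hunt has to run over the application's audit log or correlate the session cookie to a user; and after the fix is installed, 403 responses to non-admin callers remain a useful signal that someone is probing the endpoint.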

Details

CWE(s)
CWE-281

Affected Products

Vendor: zucchetti
Product: helpdeskadvanced
Versions: ≤ 11.0.33

References

https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md