NVD

Vulnerability Change Records for CVE-2023-36483

Action	Type	Old Value	New Value
Added	CVSS V3.1		Carrier Global Corporation AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Added	CWE		Carrier Global Corporation CWE-639
Changed	Description	An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16.18 for Android, MASmobile Classic app through 1.7.24 for iOS, and MAS ASP.Net Services through 1.9. It can be achieved via session ID prediction, allowing remote attackers to retrieve sensitive data including customer data, security system status, and event history. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The affected products cannot simply be updated; they must be removed, but can be replaced by other Carrier software as explained in the Carrier advisory.	Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history.
Added	Reference		Carrier Global Corporation https://www.corporate.carrier.com/product-security/advisories-resources/ [No types assigned]
Removed	Reference	Carrier Global Corporation https://www.corporate.carrier.com/Images/CARR-PSA-MASMobile%20Classic%20Authorization%20Bypass-012-0623_tcm558-203964.pdf
Removed	Tag	Carrier Global Corporation unsupported-when-assigned