Unauthenticated Access to CGI Scripts in PowerShield SNMP Web Pro 1.1

Unauthenticated Access to CGI Scripts in PowerShield SNMP Web Pro 1.1

CVE-2023-33274 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.

Learn more about our Web App Pen Testing.