CVE-2023-36483

MEDIUM

MASmobile Classic <1.16.18-1.7.24 - Auth Bypass

Title source: llm

Description

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier, which allows remote attackers to retrieve sensitive data, including customer data, security system status, and event history.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0018
EPSS Percentile 38.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-639
Status published
Products (3)
honeywell/masmobile_asp.net_services < 1.9
honeywell/masmobile_classic < 1.16.18
honeywell/masmobile_classic < 1.7.24
Published Mar 16, 2024
Tracked Since Feb 18, 2026