CVE-2023-3786
MEDIUMAures Komet < 20230509 - Improper Access Control in Kiosk Mode
Title source: llmDescription
A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability.
References (4)
Core 4
Core References
Permissions Required, Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.235053
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.235053
Third Party Advisory related
https://www.vulnerability-lab.com/get_content.php?id=2323
Mailing List, Third Party Advisory exploit
mailing-list
https://seclists.org/fulldisclosure/2023/Jul/40
Scores
CVSS v3
4.3
EPSS
0.0026
EPSS Percentile
17.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-284
Status
published
Products (1)
aures/komet_firmware
< 20230509
Published
Jul 20, 2023
Tracked Since
Feb 18, 2026