CVE-2023-45083
MEDIUMHyperCloud 1.0-<2.1.0 - Authenticated Privilege Escalation via Admin User Deletion
Title source: llmDescription
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.
References (1)
Core 1
Core References
Release Notes
https://advisories.softiron.cloud
Scores
CVSS v3
4.2
EPSS
0.0024
EPSS Percentile
14.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-269
Status
published
Products (1)
softiron/hypercloud
1.0 - 2.1.0
Published
Dec 05, 2023
Tracked Since
Feb 18, 2026