CVE-2023-30350

Vulnerability

The FS S3900-24T4S network switch contains a privilege escalation vulnerability that allows authenticated users with guest-level access to escalate their privileges and reset the admin password [1]. The exact versions affected are not specified in the available references, but the vulnerability is known to affect the FS S3900-24T4S device.

Exploitation

An attacker must first obtain guest-level access to the device, which requires authentication. Once authenticated as a guest, the attacker can exploit the vulnerability to escalate privileges and reset the admin password. The specific steps are not disclosed in the available references [1].

Impact

Successful exploitation allows the attacker to gain administrative privileges on the device, including the ability to reset the admin password. This grants full control over the switch, potentially leading to unauthorized configuration changes, denial of service, or further network compromise.

Mitigation

As of the publication date, no official patch or mitigation has been disclosed by the vendor in the available references [1]. Users should monitor vendor advisories and consider restricting guest access or applying access controls until a fix is released.