CVE-2023-3048
Description
An authentication bypass via user-controlled key in TMT Lockcell before version 15 allows unauthenticated remote attackers to gain unauthorized access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The TMT Lockcell product versions before 15 contain an Authorization Bypass Through User-Controlled Key vulnerability [1]. This flaw allows an attacker to manipulate a user-controlled key to bypass authentication mechanisms, effectively enabling authentication abuse and complete authentication bypass [1]. The vulnerable code path does not properly validate or restrict the user-supplied key, leading to unauthorized access conditions [1].
Exploitation
An attacker can exploit this vulnerability remotely without any prior authentication or user interaction [1]. The only requirement is network access to the affected Lockcell instance [1]. By sending crafted requests that include a manipulated user-controlled key, the attacker can bypass the authentication check and gain access to protected functionality [1].
Impact
Successful exploitation grants the attacker unauthorized access to the system, effectively bypassing all authentication controls [1]. This can lead to full compromise of the affected device, including potential disclosure of sensitive information, modification of configurations, or disruption of services [1]. The CVSS v3 base score of 9.8 (Critical) reflects the severe impact on confidentiality, integrity, and availability [1].
Mitigation
The vendor has addressed this vulnerability in version 15 of TMT Lockcell [1]. Users are strongly advised to upgrade to version 15 or later to remediate the issue [1]. No workarounds or mitigations have been disclosed for earlier versions [1]. It is not currently listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0 (no patches discovered yet)
References (2)
- fordefence.com/cve-2023-3048-authorization-bypass-through-user-controlled-key-vulnerability-allows-authentication-abuse-authentication-bypass/ (nvd; Exploit, Third Party Advisory)
- www.usom.gov.tr/bildirim/tr-23-0345 (nvd; Third Party Advisory)