CVE-2023-2885

Description

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

CBOT / Chatbot0 – Core: v4.0.3.4 Panel: v4.0.3.7

References

MISChttps://www.usom.gov.tr/bildirim/tr-23-0293
MISChttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0293