CVE-2023-46294

low-risk

Published 2024-05-01

An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.4/10 Low

LOCAL / LOW complexity

References (4)

https://Loudmouth.io

https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-46294

https://Loudmouth.io

https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-46294

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal