Vulnerability Details CVE-2023-28395
Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2023-28395
-
cpe:2.3:h:propumpservice:osprey_pump_controller:-
-
cpe:2.3:o:propumpservice:osprey_pump_controller_firmware:1.01