What is CVE-2023-5719?

CVE-2023-5719 is a vulnerability in Red Lion Crimson that allows users to define new passwords containing the percent (%) character, potentially causing invalid values and truncation issues.

How severe is CVE-2023-5719?

CVE-2023-5719 has a severity value of 9.8, which is classified as critical.

Which software versions of Red Lion Crimson are affected by CVE-2023-5719?

Red Lion Crimson versions 3.2-build_3.2.0008.0 and later are affected by CVE-2023-5719.

How can I fix CVE-2023-5719?

To fix CVE-2023-5719, it is recommended to update Red Lion Crimson to the latest version available.

Where can I find more information about CVE-2023-5719?

More information about CVE-2023-5719 can be found at the following references: [CISA Advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01), [Red Lion Support Advisories](https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories).

Vulnerability/
CVE-2023-5719

critical

9.8

CWE

158

EPSS

0.091%

6/11/2023

2/8/2024

CVE-2023-5719: Red Lion Crimson Improper Neutralization of Null Byte or NUL Character

First published: Mon Nov 06 2023(Updated: )

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Redlion Crimson	<3.2
Redlion Crimson	=3.2-build_3.2.0008.0
Redlion Crimson	=3.2-build_3.2.0014.0
Redlion Crimson	=3.2-build_3.2.0015.0
Redlion Crimson	=3.2-build_3.2.0016.0
Redlion Crimson	=3.2-build_3.2.0020.0
Redlion Crimson	=3.2-build_3.2.0021.0
Redlion Crimson	=3.2-build_3.2.0025.0
Redlion Crimson	=3.2-build_3.2.0026.0
Redlion Crimson	=3.2-build_3.2.0030.0
Redlion Crimson	=3.2-build_3.2.0031.0
Redlion Crimson	=3.2-build_3.2.0035.0
Redlion Crimson	=3.2-build_3.2.0036.0
Redlion Crimson	=3.2-build_3.2.0040.0
Redlion Crimson	=3.2-build_3.2.0041.0
Redlion Crimson	=3.2-build_3.2.0044.0
Redlion Crimson	=3.2-build_3.2.0047.0
Redlion Crimson	=3.2-build_3.2.0050.0
Redlion Crimson	=3.2-build_3.2.0051.0
Redlion Crimson	=3.2-build_3.2.0053.0
Redlion Crimson	=3.2-build_3.2.0053.1
Redlion Crimson	=3.2-build_3.2.0053.18
Redlion Da50a
Redlion Da70a

Remedy

Red Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website https://www.redlion.net/node/16883 . Any existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below. For more information refer to Red Lion's security advisory RLCSIM-2023-04 https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories .

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-5719?
CVE-2023-5719 is a vulnerability in Red Lion Crimson that allows users to define new passwords containing the percent (%) character, potentially causing invalid values and truncation issues.
How severe is CVE-2023-5719?
CVE-2023-5719 has a severity value of 9.8, which is classified as critical.
Which software versions of Red Lion Crimson are affected by CVE-2023-5719?
Red Lion Crimson versions 3.2-build_3.2.0008.0 and later are affected by CVE-2023-5719.
How can I fix CVE-2023-5719?
To fix CVE-2023-5719, it is recommended to update Red Lion Crimson to the latest version available.
Where can I find more information about CVE-2023-5719?
More information about CVE-2023-5719 can be found at the following references: [CISA Advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01), [Red Lion Support Advisories](https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories).

collector/nvd-api
agent/type
agent/event
agent/references
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/author
agent/title
agent/severity
agent/remedy
agent/weakness
agent/tags
collector/epss-latest
source/FIRST
agent/description
agent/epss
collector/mitre-cve
source/MITRE
vendor/redlion
canonical/redlion crimson
version/redlion crimson/3.2-build_3.2.0008.0
version/redlion crimson/3.2-build_3.2.0014.0
version/redlion crimson/3.2-build_3.2.0015.0
version/redlion crimson/3.2-build_3.2.0016.0
version/redlion crimson/3.2-build_3.2.0020.0
version/redlion crimson/3.2-build_3.2.0021.0
version/redlion crimson/3.2-build_3.2.0025.0
version/redlion crimson/3.2-build_3.2.0026.0
version/redlion crimson/3.2-build_3.2.0030.0
version/redlion crimson/3.2-build_3.2.0031.0
version/redlion crimson/3.2-build_3.2.0035.0
version/redlion crimson/3.2-build_3.2.0036.0
version/redlion crimson/3.2-build_3.2.0040.0
version/redlion crimson/3.2-build_3.2.0041.0
version/redlion crimson/3.2-build_3.2.0044.0
version/redlion crimson/3.2-build_3.2.0047.0
version/redlion crimson/3.2-build_3.2.0050.0
version/redlion crimson/3.2-build_3.2.0051.0
version/redlion crimson/3.2-build_3.2.0053.0
version/redlion crimson/3.2-build_3.2.0053.1
version/redlion crimson/3.2-build_3.2.0053.18
canonical/redlion da50a
canonical/redlion da70a