CWE: 158
EPSS: 0.091%

CVE-2023-5719: Red Lion Crimson Improper Neutralization of Null Byte or NUL Character

First published: Mon Nov 06 2023

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

Credit: ics-cert@hq.dhs.gov

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redlion Crimson | < 3.2 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0008.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0014.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0015.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0016.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0020.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0021.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0025.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0026.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0030.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0031.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0035.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0036.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0040.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0041.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0044.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0047.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0050.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0051.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0053.0 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0053.1 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Crimson | = 3.2-build_3.2.0053.18 | Update to 3.2.0063 or later (see Remedy) |
| Redlion Da50a | | See Remedy |
| Redlion Da70a | | See Remedy |

Remedy

Red Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website https://www.redlion.net/node/16883. Any existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below. For more information refer to Red Lion's security advisory RLCSIM-2023-04 https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories.
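The remedy above reduces to two checks an administrator can script: is the Crimson configuration tool older than the fixed build 3.2.0063, and does any password set from such a tool contain a percent character. The following Python is an added example written for this page; it is not Red Lion's or SecAlerts' code. It parses the version strings in the layout used in the affected-version list above (`3.2-build_3.2.0053.18`), flags accounts that match the advisory's conditions, and shows why an unexpected NUL inside a stored credential leaves a shorter effective password than the one the administrator typed. The inventory and stored-credential bytes are constructed sample data; the policy minimum length is an assumption.

```python
# Added example for the CVE-2023-5719 advisory guidance (not vendor code).
from dataclasses import dataclass

# Crimson 3.2.0063 is the fixed configuration-tool version named in the Remedy.
FIXED_BUILD = (3, 2, 63, 0)


def parse_build(version: str) -> tuple:
    """Turn '3.2-build_3.2.0053.18' or '3.2.0063' into a comparable 4-tuple."""
    if "build_" in version:
        version = version.split("build_", 1)[1]
    parts = [int(p) for p in version.split(".")]
    parts += [0] * (4 - len(parts))          # pad short strings such as '3.2'
    return tuple(parts[:4])


def is_affected(version: str) -> bool:
    """True for any configuration-tool build older than the fixed build."""
    return parse_build(version) < FIXED_BUILD


def effective_c_string(stored: bytes) -> bytes:
    """A NUL-terminated consumer sees only the bytes before the first NUL.

    This is the truncation the advisory describes: whatever follows an
    unexpected NUL no longer takes part in authentication.
    """
    nul = stored.find(b"\x00")
    return stored if nul < 0 else stored[:nul]


@dataclass
class Account:
    name: str
    tool_version: str   # Crimson tool build used to set the password (page layout)
    password: str       # password as typed by the administrator


def audit_account(acct: Account) -> list:
    """Findings for one account per the advisory; an empty list means no issue."""
    findings = []
    if is_affected(acct.tool_version):
        findings.append(
            f"{acct.name}: Crimson {acct.tool_version} is below fixed build 3.2.0063; update the tool"
        )
        if "%" in acct.password:
            findings.append(
                f"{acct.name}: password contains '%', which affected builds may store altered "
                "or truncated; re-set it without '%'"
            )
    return findings


def check_stored_credential(stored: bytes, min_len: int = 12) -> list:
    """Findings for a credential as it ended up on the device (min_len is assumed policy)."""
    findings = []
    effective = effective_c_string(stored)
    if len(effective) < len(stored):
        findings.append(f"embedded NUL: only {len(effective)} of {len(stored)} bytes are effective")
    if len(effective) < min_len:
        findings.append(f"effective password shorter than policy minimum of {min_len}")
    return findings


if __name__ == "__main__":
    # Constructed inventory: one account set from an affected build with a '%'.
    inventory = [
        Account("operator", "3.2-build_3.2.0050.0", "Pa%55word!"),
        Account("engineer", "3.2.0063", "Pa%55word!"),
        Account("viewer", "3.2-build_3.2.0053.18", "Plain-Password-1"),
    ]
    for acct in inventory:
        for line in audit_account(acct):
            print("FINDING:", line)
    # Constructed stored bytes illustrating the truncation effect.
    for line in check_stored_credential(b"Correct\x00HorseBattery"):
        print("STORED:", line)
```

Run it against an export of your own account list; any account reported against an affected build should have its password re-entered without `%` after the tool is updated, as the Remedy says.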


Frequently Asked Questions

  • What is CVE-2023-5719?

    CVE-2023-5719 is a vulnerability in Red Lion Crimson that allows users to define new passwords containing the percent (%) character, potentially causing invalid values and truncation issues.

  • How severe is CVE-2023-5719?

    CVE-2023-5719 has a severity value of 9.8, which is classified as critical.

  • Which software versions of Red Lion Crimson are affected by CVE-2023-5719?

    Red Lion Crimson versions 3.2-build_3.2.0008.0 and later are affected by CVE-2023-5719.

  • How can I fix CVE-2023-5719?

    To fix CVE-2023-5719, it is recommended to update Red Lion Crimson to the latest version available.

  • Where can I find more information about CVE-2023-5719?

    More information about CVE-2023-5719 can be found at the following references: [CISA Advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01), [Red Lion Support Advisories](https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories).

© 2024 SecAlerts Pty Ltd.