CVE-2023-33282 in MSM
Summary
by MITRE • 06/07/2023
Marval MSM through 14.19.0.12476 and 15.0 has a System account with default credentials. A remote attacker is able to log in and create a valid session. This makes it possible to make backend calls to endpoints in the application.
Analysis
by VulDB Data Team • 01/04/2026
The vulnerability identified as CVE-2023-33282 affects Marval MSM versions up to 14.19.0.12476 and 15.0, presenting a critical security flaw that stems from the presence of a system account with default credentials. This weakness allows remote attackers to authenticate and establish valid sessions within the application, fundamentally compromising the system's security posture. The flaw represents a classic example of poor security configuration where default administrative accounts are not properly secured or disabled upon installation, creating an entry point that requires no specialized knowledge or tools to exploit.
The technical implementation of this vulnerability involves the existence of a system account with hardcoded credentials that remain unchanged from the default configuration. When an attacker discovers these default credentials, they can authenticate to the system and create valid sessions that persist until explicitly terminated. Because the attacker authenticates with credentials the application accepts as valid, the session gives unauthorized access to backend endpoints and services that should normally be restricted to authorized personnel only. The vulnerability directly maps to CWE-798, which addresses the use of hard-coded credentials, and CWE-259, which covers the use of weak default passwords. The operational impact of this flaw extends beyond simple unauthorized access as it enables attackers to perform backend calls to various application endpoints, potentially leading to data exfiltration, system manipulation, or further exploitation of the platform.
From an attacker's perspective, this vulnerability provides a straightforward path to system compromise without requiring advanced exploitation techniques or specialized tools. The remote nature of the attack means that an attacker can exploit this flaw from any location with network access to the affected system, making it particularly dangerous in cloud environments or when systems are exposed to the internet. The ability to create valid sessions implies that the attacker can maintain persistent access to the system, allowing for extended reconnaissance, data theft, or deployment of additional malicious payloads. This vulnerability aligns with ATT&CK technique T1078.004, which covers legitimate credentials, and T1046, which involves network service scanning to identify accessible systems. The persistence granted by valid sessions significantly increases the potential damage, as attackers can conduct their operations over extended periods without detection.
Organizations affected by this vulnerability should immediately implement mitigations including disabling or renaming the default system account, enforcing strong password policies, and implementing multi-factor authentication for all administrative accounts. The most effective immediate solution involves changing the default credentials to strong, unique passwords and ensuring that no default accounts remain active in production environments. Additionally, network segmentation should be implemented to limit access to critical systems, and regular security audits should be conducted to identify any remaining default accounts or weak configurations. The remediation process should include comprehensive system hardening procedures and adherence to security best practices such as those outlined in the NIST Cybersecurity Framework and ISO/IEC 27001 standards. Continuous monitoring and vulnerability scanning should be deployed to detect similar issues in other system components and ensure that default credentials are not inadvertently left in place during system deployment or updates.
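One way to implement the continuous monitoring recommended above, as an added example that is not part of the original entry or of Marval's code: it flags sessions opened by a built-in account from outside trusted networks and lists the backend calls made in each such session. The JSON log schema, the account name "system", the trusted network and the sample paths are all constructed assumptions, not Marval MSM's real log format.

```python
import ipaddress
import json

# Constructed sample events (JSON lines). Field names and values are
# assumptions for illustration, not Marval MSM's real log schema.
SAMPLE_LOG = """\
{"ts":"2023-06-07T10:00:01Z","event":"login_ok","user":"System","src":"10.0.5.20","session":"s1"}
{"ts":"2023-06-07T10:00:05Z","event":"request","session":"s1","path":"/api/example/a"}
{"ts":"2023-06-07T10:02:11Z","event":"login_ok","user":"alice","src":"203.0.113.9","session":"s2"}
{"ts":"2023-06-07T10:03:40Z","event":"login_ok","user":"system","src":"203.0.113.77","session":"s3"}
{"ts":"2023-06-07T10:03:42Z","event":"request","session":"s3","path":"/api/example/b"}
{"ts":"2023-06-07T10:03:44Z","event":"request","session":"s3","path":"/api/example/c"}
"""

def find_builtin_account_sessions(log_text, builtin_users=("system",),
                                  trusted_nets=("10.0.5.0/24",)):
    """Return sessions opened by a built-in account from outside trusted_nets,
    together with the backend paths each such session went on to call."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    builtin = {u.lower() for u in builtin_users}
    suspicious = {}  # session id -> finding
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed records instead of aborting
        kind = ev.get("event")
        if kind == "login_ok" and str(ev.get("user", "")).lower() in builtin:
            try:
                src = ipaddress.ip_address(ev.get("src", ""))
                trusted = any(src in n for n in nets)
            except ValueError:
                trusted = False  # unparseable source address: treat as untrusted
            if not trusted:
                suspicious[ev.get("session")] = {
                    "user": ev.get("user"), "src": ev.get("src"),
                    "first_seen": ev.get("ts"), "paths": []}
        elif kind == "request" and ev.get("session") in suspicious:
            # Backend call made inside a session that is already flagged
            suspicious[ev["session"]]["paths"].append(ev.get("path"))
    return suspicious

if __name__ == "__main__":
    for sid, f in find_builtin_account_sessions(SAMPLE_LOG).items():
        print(sid, f["user"], f["src"], f["first_seen"], f["paths"])
```

Once the default account is disabled or its password changed, passing an empty trusted_nets turns this into an alert on any successful login by that account.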