{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T14:12:19.390","vulnerabilities":[{"cve":{"id":"CVE-2023-27573","sourceIdentifier":"cve@mitre.org","published":"2026-03-11T06:17:11.933","lastModified":"2026-05-07T18:13:07.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment."},{"lang":"es","value":"netbox-docker anterior a la versión 2.5.0 tiene una cuenta de superusuario con credenciales predeterminadas (contraseña 'admin' para la cuenta 'admin', y el valor 0123456789abcdef0123456789abcdef01234567 para SUPERUSER_API_TOKEN). En la práctica, en la Internet pública, casi todos los usuarios cambiaron la contraseña, pero solo alrededor del 90% cambió el token. Tener un valor de token predeterminado fue intencional y fue valioso para el caso de uso principal previsto del producto netbox-docker (redes de desarrollo aisladas). Algunos usuarios se embarcaron en un esfuerzo para reutilizar netbox-docker para producción. La documentación para este esfuerzo indicaba que los valores predeterminados no debían usarse. Sin embargo, la instalación no garantizaba valores no predeterminados. El Proveedor estaba al tanto de la asignación del ID de CVE y no se opuso a la asignación."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-1392"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netboxlabs:netbox-docker:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.0","matchCriteriaId":"F5D08B9C-EB2C-403D-973C-4E40EAB484FC"}]}]}],"references":[{"url":"https://github.com/netbox-community/netbox-docker/issues/953","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/netbox-community/netbox-docker/pull/959","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/netbox-community/netbox-docker/releases/tag/2.5.0","source":"cve@mitre.org","tags":["Release Notes"]}]}}]}