{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T06:29:57.545","vulnerabilities":[{"cve":{"id":"CVE-2023-6263","sourceIdentifier":"96d4e157-0bf0-48b3-8efd-382c68caf4e0","published":"2023-11-22T18:15:09.780","lastModified":"2026-06-17T06:50:25.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.\n"},{"lang":"es","value":"Se descubrió un problema en Network Optix NxCloud antes de 23.1.0.40440. Fue posible agregar un servidor VMS falso a NxCloud utilizando la identificación exacta de un servidor VMS legítimo. Como resultado, fue posible recuperar encabezados de autorización de usuarios legítimos cuando el cliente legítimo se conecta al servidor VMS falso."}],"affected":[{"source":"96d4e157-0bf0-48b3-8efd-382c68caf4e0","affectedData":[{"vendor":"Network Optix","product":"NxCloud","defaultStatus":"unaffected","modules":["traffic_relay","cloud_db"],"versions":[{"version":"0","lessThan":"23.1.0.40440","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"96d4e157-0bf0-48b3-8efd-382c68caf4e0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"96d4e157-0bf0-48b3-8efd-382c68caf4e0","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:networkoptix:nxcloud:*:*:*:*:*:*:*:*","versionEndExcluding":"23.1.0.40440","matchCriteriaId":"690A44F2-1ED6-4490-9E4E-17C6FFACD3AE"}]}]}],"references":[{"url":"https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing","source":"96d4e157-0bf0-48b3-8efd-382c68caf4e0","tags":["Vendor Advisory"]},{"url":"https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}