CVE Catalog

CVE-2023-27573

Critical
Published: Translated: NVD NIST

Summary

Netbox-docker versions before 2.5.0 have a superuser account with default credentials. The default password for the admin account is 'admin', and the SUPERUSER_API_TOKEN value is '0123456789abcdef0123456789abcdef01234567'.

Risk Assessment

Using default credentials poses a risk of unauthorized access to the system, especially in production environments where not all users have changed the token.

Recommendation

It is recommended to immediately change the default credentials and API token to unique values to minimize the risk of unauthorized access.

Original NVD description (English source)

netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS