CVE-2023-4896: 
NixOS vulnerability analysis and mitigation

CVE-2023-4896 is a security vulnerability affecting the AirWave Management Platform web-based management interface. The vulnerability was discovered and disclosed in October 2023. It impacts AirWave versions up to 8.2.15.2 and versions from 8.3.0 up to 8.3.0.2. This vulnerability allows an authenticated attacker to access sensitive information through the web interface (NVD).

The vulnerability is characterized by a CVSS v3.1 base score of 6.5 (Medium) according to NIST's assessment, with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and unchanged scope (S:U). The vulnerability primarily impacts confidentiality (C:H) with no effect on integrity or availability (NVD).

Successful exploitation of this vulnerability allows an attacker to gain access to sensitive information that could potentially be leveraged for lateral movement to access devices managed and monitored by the AirWave server. The primary impact is on data confidentiality, with no direct impact on system integrity or availability (NVD).

The affected versions include AirWave versions up to 8.2.15.2 and versions from 8.3.0 up to 8.3.0.2. Users should update to the latest version that addresses this vulnerability (NVD).