CVE-2023-26097 – CVE-2023-26097 is an authorization bypass vulne... (How to Fix)

Q: What is the severity of CVE-2023-26097?

CVE-2023-26097 has a CVSS score of 8.4 (HIGH). CVE-2023-26097 is an authorization bypass vulnerability in Telindus Apsal software that allows unauthorized users to modify application behavior. This affects organizations using Telindus Apsal version 3.14.2022.235 b for network management and monitoring.

📋 TL;DR

CVE-2023-26097 is an authorization bypass vulnerability in Telindus Apsal software that allows unauthorized users to modify application behavior. This affects organizations using Telindus Apsal version 3.14.2022.235 b for network management and monitoring.

💻 Affected Systems

Products:

Telindus Apsal

Versions: 3.14.2022.235 b

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of the specified version are vulnerable regardless of configuration.

📦 What is this software?

Apsal by Telindus

View all CVEs affecting Apsal →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify critical application settings, disrupt network operations, or potentially gain administrative control over the system.

🟠

Likely Case

Unauthorized users could alter monitoring configurations, disable security controls, or manipulate network device management.

🟢

If Mitigated

With proper network segmentation and access controls, impact would be limited to the application layer only.

🌐 Internet-Facing: HIGH if the Apsal interface is exposed to the internet, as it allows direct exploitation.

🏢 Internal Only: MEDIUM for internal networks, requiring attacker to have internal access first.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires network access to the Apsal interface but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Telindus for updated version

Vendor Advisory: https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-26097

Restart Required: Yes

Instructions:

1. Contact Telindus support for patched version. 2. Backup current configuration. 3. Install updated version. 4. Restart Apsal services. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to Apsal interface to authorized management networks only

Access Control Lists

all

Implement firewall rules to limit source IP addresses that can reach Apsal

🧯 If You Can't Patch

Isolate Apsal system on separate VLAN with strict access controls
Implement additional authentication layer (reverse proxy with MFA) in front of Apsal

🔍 How to Verify

Check if Vulnerable:

Check Apsal version in web interface or configuration files for '3.14.2022.235 b'

Check Version:

Check Apsal web interface or configuration files for version information

Verify Fix Applied:

Verify version number has changed from vulnerable version and test authorization controls

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to Apsal interface
Configuration changes from unexpected sources

Network Indicators:

Unusual traffic patterns to Apsal port (typically 80/443)
Requests bypassing authentication endpoints

SIEM Query:

source_ip=* AND dest_port=80,443 AND dest_ip=Apsal_IP AND (uri_contains="/config" OR uri_contains="/admin")

📊 Metadata

CVE ID: CVE-2023-26097

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-863

Published: April 24, 2023

Last Updated: May 30, 2025

🔗 References

https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-26097
https://excellium-services.com/cert-xlm-advisory/CVE-2023-26097 Third Party Advisory
https://www.telindus.lu/fr/produits/apsal Product
https://excellium-services.com/cert-xlm-advisory/CVE-2023-26097 Third Party Advisory
https://www.telindus.lu/fr/produits/apsal Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-26097, you might also want to check these: