Privilege Elevation in Ercom Cryptobox administration console_CVE-2026-0873

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U

Description

On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.

Basic Information

ID CVE-2026-0873

Source THA-PSIRT

Published Feb 4, 2026 at 10:42

Affected Product

Vendor Ercom

Product Cryptobox

Version v4.40.x

CWE Classification

CWE-79 CWE-1220

References

info.cryptobox.com /doc/v4.40/4.40.en/

{
    "lastseen": "",
    "description": "On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate his account to global administrator.",
    "published": "2026-02-04T10:42:14.626Z",
    "modified": "2026-02-04T10:42:14.626Z",
    "type": "cve",
    "title": "Privilege Elevation in Ercom Cryptobox administration console",
    "source": "THA-PSIRT",
    "references": "https://info.cryptobox.com/doc/v4.40/4.40.en/",
    "id": "CVE-2026-0873",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-1220"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cryptobox",
    "version": "v4.40.x",
    "vendor": "Ercom",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}