{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-27573", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-11T14:23:00.621Z", "dateReserved": "2023-03-03T00:00:00.000Z", "datePublished": "2026-03-11T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "netbox-docker", "vendor": "netbox-community", "versions": [{"lessThan": "2.5.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T05:01:47.850Z"}, "references": [{"url": "https://github.com/netbox-community/netbox-docker/issues/953"}, {"url": "https://github.com/netbox-community/netbox-docker/pull/959"}, {"url": "https://github.com/netbox-community/netbox-docker/releases/tag/2.5.0"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T14:15:15.278309Z", "id": "CVE-2023-27573", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:23:00.621Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-27573", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T14:15:15.278309Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:22:30.552Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}], "affected": [{"vendor": "netbox-community", "product": "netbox-docker", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/netbox-community/netbox-docker/issues/953"}, {"url": "https://github.com/netbox-community/netbox-docker/pull/959"}, {"url": "https://github.com/netbox-community/netbox-docker/releases/tag/2.5.0"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1392", "description": "CWE-1392 Use of Default Credentials"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T05:01:47.850Z"}}}, "cveMetadata": {"cveId": "CVE-2023-27573", "state": "PUBLISHED", "dateUpdated": "2026-03-11T14:23:00.621Z", "dateReserved": "2023-03-03T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-11T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netboxlabs:netbox-docker:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5D08B9C-EB2C-403D-973C-4E40EAB484FC", "versionEndExcluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment."}, {"lang": "es", "value": "netbox-docker anterior a la versi\u00f3n 2.5.0 tiene una cuenta de superusuario con credenciales predeterminadas (contrase\u00f1a 'admin' para la cuenta 'admin', y el valor 0123456789abcdef0123456789abcdef01234567 para SUPERUSER_API_TOKEN). En la pr\u00e1ctica, en la Internet p\u00fablica, casi todos los usuarios cambiaron la contrase\u00f1a, pero solo alrededor del 90% cambi\u00f3 el token. Tener un valor de token predeterminado fue intencional y fue valioso para el caso de uso principal previsto del producto netbox-docker (redes de desarrollo aisladas). Algunos usuarios se embarcaron en un esfuerzo para reutilizar netbox-docker para producci\u00f3n. La documentaci\u00f3n para este esfuerzo indicaba que los valores predeterminados no deb\u00edan usarse. Sin embargo, la instalaci\u00f3n no garantizaba valores no predeterminados. El Proveedor estaba al tanto de la asignaci\u00f3n del ID de CVE y no se opuso a la asignaci\u00f3n."}], "id": "CVE-2023-27573", "lastModified": "2026-05-07T18:13:07.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-11T06:17:11.933", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/netbox-community/netbox-docker/issues/953"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/netbox-community/netbox-docker/pull/959"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/netbox-community/netbox-docker/releases/tag/2.5.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1392"}], "source": "cve@mitre.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.5.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "netbox-docker", "source": "cna", "vendor": "netbox-community"}, "product": "netbox-docker", "vendor": "netbox"}], "created": "2026-03-11T11:39:01.296087+00:00", "updated": "2026-05-07T20:00:12.071962+00:00", "vendors": ["netbox", "netbox$PRODUCT$netbox-docker"]}