CVE-2023-5719

Red Lion Crimson Improper Neutralization of Null Byte or NUL Character

Description

The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.

Remediation

Solution:

  • Red Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website https://www.redlion.net/node/16883 . Any existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below. For more information refer to Red Lion's security advisory RLCSIM-2023-04 https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories .

Category

8.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.09%
Vendor Advisory redlion.net
Affected: Red Lion Crimson
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-01 third party advisory us government resource
https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-5719?
CVE-2023-5719 has been scored as a high severity vulnerability.
How to fix CVE-2023-5719?
To fix CVE-2023-5719: Red Lion recommends updating the Crimson configuration tool to version 3.2.0063 or later by using the automatic update feature or visiting the Red Lion website https://www.redlion.net/node/16883 . Any existing or new accounts created should refrain from using the percent (%) character in the configured password in versions 3.2.0053.18 or below. For more information refer to Red Lion's security advisory RLCSIM-2023-04 https://support.redlion.net/hc/en-us/categories/360002087671-Security-Advisories .
Is CVE-2023-5719 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-5719 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-5719?
CVE-2023-5719 affects Red Lion Crimson.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.