PatchSiren cyber security CVE debrief
CVE-2023-4702 Yepas CVE debrief
CVE-2023-4702 is a critical authentication bypass issue affecting Yepas Digital Yepas versions before 1.0.1. The NVD record classifies the flaw as an authentication bypass using an alternate path or channel and assigns a CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). For defenders, the main concern is that unauthenticated remote access could allow an attacker to bypass login controls and reach protected functionality.
- Vendor
- Yepas
- Product
- Digital Yepas
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2023-09-14
- Original CVE updated
- 2026-05-21
- Advisory published
- 2023-09-14
- Advisory updated
- 2026-05-21
Who should care
Administrators and security teams responsible for Digital Yepas deployments, especially any internet-facing instances running a version earlier than 1.0.1. Asset owners, vulnerability management teams, and identity/access control owners should treat this as a high-priority authentication issue.
Technical summary
The supplied NVD data indicates a vulnerable CPE for cpe:2.3:a:yepas:digital_yepas:* with versionEndExcluding 1.0.1. The weakness mapping includes CWE-288 and CWE-306, which align with alternate-path authentication bypass and missing authentication controls. Based on the record, exploitation does not require privileges or user interaction and can be attempted remotely over the network.
Defensive priority
Immediate. The combination of unauthenticated network access and high confidentiality, integrity, and availability impact makes this a critical remediation item. Prioritize upgrade or exposure reduction before routine maintenance work.
Recommended defensive actions
- Upgrade Digital Yepas to version 1.0.1 or later, since the supplied NVD CPE data marks versions before 1.0.1 as affected.
- Inventory all Digital Yepas deployments and verify the exact installed version, including embedded or bundled instances.
- Restrict network exposure of affected systems until remediation is complete, especially any systems accessible from untrusted networks.
- Review authentication and access-control logs for unexpected access to protected functions around the affected service.
- Validate compensating controls such as network segmentation, strong perimeter filtering, and monitoring for anomalous requests to authentication endpoints.
Evidence notes
This debrief is based only on the supplied NVD-derived corpus and linked official/third-party references. Supported facts include: CVE-2023-4702, publication date 2023-09-14T20:15:12.373Z, modified date 2026-05-21T09:16:24.713Z, affected product Digital Yepas before 1.0.1, CVSS 9.8, NVD vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and weakness mappings CWE-288 and CWE-306. No CISA KEV entry was supplied.
Official resources
-
CVE-2023-4702 CVE record
CVE.org
-
CVE-2023-4702 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
Publicly listed in NVD on 2023-09-14. The supplied record was later modified on 2026-05-21; that modification date should not be treated as the vulnerability's original disclosure date.