7.1
CVE-2023-31245
- EPSS 0.07%
- Veröffentlicht 22.05.2023 20:15:10
- Zuletzt bearbeitet 21.11.2024 08:01:41
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginDevices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Snapone ≫ Orvc SwPlatformpro Version < 7.3.0
Control4 ≫ Ca-1 Version-
Control4 ≫ Ca-10 Version-
Control4 ≫ Ea-1 Version-
Control4 ≫ Ea-3 Version-
Control4 ≫ Ea-5 Version-
Snapone ≫ An-110-rt-2l1w Version-
Snapone ≫ An-110-rt-2l1w-wifi Version-
Snapone ≫ An-310-rt-4l2w Version-
Snapone ≫ Ovrc-300-pro Version-
Snapone ≫ Pakedge Rk-1 Version-
Snapone ≫ Pakedge Rt-3100 Version-
Snapone ≫ Pakedge Wr-1 Version-
Control4 ≫ Ca-10 Version-
Control4 ≫ Ea-1 Version-
Control4 ≫ Ea-3 Version-
Control4 ≫ Ea-5 Version-
Snapone ≫ An-110-rt-2l1w Version-
Snapone ≫ An-110-rt-2l1w-wifi Version-
Snapone ≫ An-310-rt-4l2w Version-
Snapone ≫ Ovrc-300-pro Version-
Snapone ≫ Pakedge Rk-1 Version-
Snapone ≫ Pakedge Rt-3100 Version-
Snapone ≫ Pakedge Wr-1 Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.221 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| ics-cert@hq.dhs.gov | 7.1 | 2.8 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.