CVE-2023-3333

EPSS 0.07%
Veröffentlicht 28.06.2023 02:15:49
Zuletzt bearbeitet 21.11.2024 08:17:02
Quelle psirt-info@cyber.jp.nec.com
Teams Watchlist Login
Unerledigt Login

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nec ≫ Aterm Wf300hp Firmware Version-

Nec ≫ Aterm Wf300hp Version-

Nec ≫ Aterm Wg1400hp Firmware Version-

Nec ≫ Aterm Wg1400hp Version-

Nec ≫ Aterm Wg1800hp Firmware Version-

Nec ≫ Aterm Wg1800hp Version-

Nec ≫ Aterm Wg1800hp2 Firmware Version-

Nec ≫ Aterm Wg1800hp2 Version-

Nec ≫ Aterm Wg2200hp Firmware Version-

Nec ≫ Aterm Wg2200hp Version-

Nec ≫ Aterm Wg2600hp Firmware Version-

Nec ≫ Aterm Wg2600hp Version-

Nec ≫ Aterm Wg2600hp2 Firmware Version-

Nec ≫ Aterm Wg2600hp2 Version-

Nec ≫ Aterm Wg300hp Firmware Version-

Nec ≫ Aterm Wg300hp Version-

Nec ≫ Aterm Wg600hp Firmware Version-

Nec ≫ Aterm Wg600hp Version-

Nec ≫ Aterm Wr8600n Firmware Version-

Nec ≫ Aterm Wr8600n Version-

Nec ≫ Aterm Wr8700n Firmware Version-

Nec ≫ Aterm Wr8700n Version-

Nec ≫ Aterm Wr8750n Firmware Version-

Nec ≫ Aterm Wr8750n Version-

Nec ≫ Aterm Wr9300n Firmware Version-

Nec ≫ Aterm Wr9300n Version-

Nec ≫ Aterm Wr9500n Firmware Version-

Nec ≫ Aterm Wr9500n Version-

Nec ≫ Aterm Wr8170n Firmware Version-

Nec ≫ Aterm Wr8170n Version-

Nec ≫ Aterm Wr8175n Firmware Version-

Nec ≫ Aterm Wr8175n Version-

Nec ≫ Aterm Wr8370n Firmware Version-

Nec ≫ Aterm Wr8370n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.226

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2023-3333

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3333

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3333

EUVD