CVE-2023-3768

EPSS 0.56%
Veröffentlicht 02.10.2023 11:15:50
Zuletzt bearbeitet 21.11.2024 08:18:01
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Vulnerability in Ingeteam's INGEPAC EF/DA

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ingeteam ≫ Ingepac Da3451 Firmware Version-

Ingeteam ≫ Ingepac Da3451 Version-

Ingeteam ≫ Ingepac Ef Md Firmware Version-

Ingeteam ≫ Ingepac Ef Md Version-

Ingeteam ≫ Ingepac Fc5066 Firmware Version-

Ingeteam ≫ Ingepac Fc5066 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.419

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve-coordination@incibe.es	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3768

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3768

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3768

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3768