CVE-2023-38405

EPSS 0.07%
Published 17.07.2023 21:15:09
Last modified 21.11.2024 08:13:29
Source cve@mitre.org
Teams watchlist Login
Open Login

On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Crestron ≫ Cp3n 6505417 Firmware Version < 1.8001.0187

Crestron ≫ Cp3n 6505417 Version-

Crestron ≫ Cp3 6504877 Firmware Version < 1.8001.0187

Crestron ≫ Cp3 6504877 Version-

Crestron ≫ Cp3-gv 6506034 Firmware Version < 1.8001.0187

Crestron ≫ Cp3-gv 6506034 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.215

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.crestron.com/release_notes/cp3n_1.8001.0187_release_notes.pdf

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2023-38405

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38405

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38405

EUVD