8.8
CVE-2023-40144
- EPSS 9.53%
- Veröffentlicht 23.08.2023 04:15:10
- Zuletzt bearbeitet 21.11.2024 08:18:51
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginOS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cbc ≫ Nr4h Firmware Version-
Cbc ≫ Nr8h Firmware Version-
Cbc ≫ Nr16h Firmware Version-
Cbc ≫ Dr-16f42a Firmware Version-
Cbc ≫ Dr-16f45at Firmware Version-
Cbc ≫ Dr-8f42a Firmware Version-
Cbc ≫ Dr-8f45at Firmware Version-
Cbc ≫ Dr-4fx1 Firmware Version-
Cbc ≫ Dr-16h Firmware Version-
Cbc ≫ Dr-8h Firmware Version-
Cbc ≫ Dr-4h Firmware Version-
Cbc ≫ Drh8-4m41-a Firmware Version-
Cbc ≫ Nr8-4m71 Firmware Version-
Cbc ≫ Nr8-8m72 Firmware Version-
Cbc ≫ Nr-16m Firmware Version-
Cbc ≫ Nr-16f85-8pra Firmware Version-
Cbc ≫ Nr-16f82-16p Firmware Version-
Cbc ≫ Nr-4f Firmware Version-
Cbc ≫ Nr-8f Firmware Version-
Cbc ≫ Dr-16m52 Firmware Version-
Cbc ≫ Dr-16m52-av Firmware Version-
Cbc ≫ Dr-8m52-av Firmware Version-
Cbc ≫ Dr-4m51-av Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.53% | 0.927 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.