CVE-2023-4885

EPSS 0.07%
Veröffentlicht 03.10.2023 15:15:40
Zuletzt bearbeitet 21.11.2024 08:36:11
Quelle cve-coordination@incibe.es
CVE-Watchlists
Login
Unerledigt
Login

Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open5gs ≫ Open5gs Version <= 2.4.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.206

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cve-coordination@incibe.es	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-300 Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-open5gs

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4885

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4885

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4885

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-4885