CVE-2023-5142

Exploit

EPSS 0.32%
Veröffentlicht 24.09.2023 22:15:10
Zuletzt bearbeitet 21.11.2024 08:41:08
Quelle cna@vuldb.com
Teams Watchlist Login
Unerledigt Login

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

H3c ≫ Gr-1100-p Firmware Version <= 20230908

H3c ≫ Gr-1100-p Version-

H3c ≫ Gr-1108-p Firmware Version <= 20230908

H3c ≫ Gr-1108-p Version-

H3c ≫ Gr-1200w Firmware Version <= 20230908

H3c ≫ Gr-1200w Version-

H3c ≫ Gr-1800ax Firmware Version <= 20230908

H3c ≫ Gr-1800ax Version-

H3c ≫ Gr-2200 Firmware Version <= 20230908

H3c ≫ Gr-2200 Version-

H3c ≫ Gr-3200 Firmware Version <= 20230908

H3c ≫ Gr-3200 Version-

H3c ≫ Gr-5200 Firmware Version <= 20230908

H3c ≫ Gr-5200 Version-

H3c ≫ Gr-8300 Firmware Version <= 20230908

H3c ≫ Gr-8300 Version-

H3c ≫ Er3260g2 Firmware Version <= 20230908

H3c ≫ Er3260g2 Version-

H3c ≫ Er5200g2 Firmware Version <= 20230908

H3c ≫ Er5200g2 Version-

H3c ≫ Er3200g2 Firmware Version <= 20230908

H3c ≫ Er3200g2 Version-

H3c ≫ Er2100n Firmware Version <= 20230908

H3c ≫ Er2100n Version-

H3c ≫ Er6300g2 Firmware Version <= 20230908

H3c ≫ Er6300g2 Version-

H3c ≫ Er5100g2 Firmware Version <= 20230908

H3c ≫ Er5100g2 Version-

H3c ≫ Er2200g2 Firmware Version <= 20230908

H3c ≫ Er2200g2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.539

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/CJCniubi666/H3C-ER/blob/main/README.md

Third Party Advisory

Exploit

https://github.com/yinsel/CVE-H3C-Report

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.240238

Third Party Advisory

Permissions Required

https://vuldb.com/?id.240238

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5142

EUVD