Lucene search

K
cve[email protected]CVE-2023-1778
HistoryApr 27, 2023 - 10:15 a.m.

CVE-2023-1778

2023-04-2710:15:09
CWE-287
CWE-522
web.nvd.nist.gov
21
cve-2023-1778
gajshield
data security firewall
firmware
vulnerability
default credentials
remote attacker
superuser
arbitrary commands
administrative privileges
nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.

The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.

Affected configurations

NVD
Node
gajshielddata_security_firewall_firmwareRange<4.21
OR
gajshielddata_security_firewall_firmwareRange4.224.28
AND
gajshielddata_security_firewallMatch-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Data Security Firewall",
    "vendor": "GajShield",
    "versions": [
      {
        "lessThan": "4.28",
        "status": "affected",
        "version": "4.5",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "4.21"
      }
    ]
  }
]

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

Related for CVE-2023-1778