Lucene search

JpcertCVE-2023-22279

HistoryJan 17, 2023 - 10:15 a.m.

CVE-2023-22279

2023-01-1710:15:11

CWE-78

jpcert

web.nvd.nist.gov

cve-2023-22279

maho-pbx

netdevancer

remote code execution

security vulnerability

unauthenticated access

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command.

Affected configurations

Nvd

Vulners

Node

ate-mahorobamaho-pbx_netdevancerMatch-lite

AND

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00lite

Node

ate-mahorobamaho-pbx_netdevancer_vsgMatch-lite

AND

ate-mahorobamaho-pbx_netdevancer_vsg_firmwareRange<1.11.00lite

Node

ate-mahorobamaho-pbx_netdevancer_mobilegateMatch-home

AND

ate-mahorobamaho-pbx_netdevancer_mobilegate_firmwareRange<1.11.00home

Node

ate-mahorobamaho-pbx_netdevancerMatch-uni

AND

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00uni

Node

ate-mahorobamaho-pbx_netdevancerMatch-pro

AND

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00pro

Node

ate-mahorobamaho-pbx_netdevancerMatch-cloud

AND

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00cloud

Node

ate-mahorobamaho-pbx_netdevancer_vsgMatch-uni

AND

ate-mahorobamaho-pbx_netdevancer_vsg_firmwareRange<1.11.00uni

Node

ate-mahorobamaho-pbx_netdevancer_mobilegateMatch-office

AND

ate-mahorobamaho-pbx_netdevancer_mobilegate_firmwareRange<1.11.00office

VendorProductVersionCPE
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_vsg-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_vsg:-:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_vsg_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_vsg_firmware:*:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_mobilegate-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_mobilegate:-:*:*:*:home:*:*:*
ate-mahorobamaho-pbx_netdevancer_mobilegate_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_mobilegate_firmware:*:*:*:*:home:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:uni:*:*:*
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:uni:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:pro:*:*:*
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:pro:*:*:*

Vendor	Product	Version	CPE
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::lite:::
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::lite:::*
ate-mahoroba	maho-pbx_netdevancer_vsg	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_vsg:-::::lite:::
ate-mahoroba	maho-pbx_netdevancer_vsg_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_vsg_firmware:::::lite:::*
ate-mahoroba	maho-pbx_netdevancer_mobilegate	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_mobilegate:-::::home:::
ate-mahoroba	maho-pbx_netdevancer_mobilegate_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_mobilegate_firmware:::::home:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::uni:::
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::uni:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::pro:::
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::pro:::*

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "vendor": "Mahoroba Kobo, Inc.",
    "product": "MAHO-PBX NetDevancer series",
    "versions": [
      {
        "version": "MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN99957889/index.html

www.ate-mahoroba.jp/netdevancer/manual/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

73.2%

JSON

Related for CVE-2023-22279