Lucene search

JpcertCVE-2023-22286

HistoryJan 17, 2023 - 10:15 a.m.

CVE-2023-22286

2023-01-1710:15:11

CWE-352

jpcert

web.nvd.nist.gov

cve-2023-22286

csrf

vulnerability

maho-pbx

netdevancer

security

nvd

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and conduct user’s unintended operations by having a user to view a malicious page while logged in.

Affected configurations

Nvd

Vulners

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00lite

AND

ate-mahorobamaho-pbx_netdevancerMatch-lite

Node

ate-mahorobamaho-pbx_netdevancer_vsg_firmwareRange<1.11.00lite

AND

ate-mahorobamaho-pbx_netdevancer_vsgMatch-lite

Node

ate-mahorobamaho-pbx_netdevancer_mobilegate_firmwareRange<1.11.00home

AND

ate-mahorobamaho-pbx_netdevancer_mobilegateMatch-home

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00uni

AND

ate-mahorobamaho-pbx_netdevancerMatch-uni

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00pro

AND

ate-mahorobamaho-pbx_netdevancerMatch-pro

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00cloud

AND

ate-mahorobamaho-pbx_netdevancerMatch-cloud

Node

ate-mahorobamaho-pbx_netdevancer_vsg_firmwareRange<1.11.00uni

AND

ate-mahorobamaho-pbx_netdevancer_vsgMatch-uni

Node

ate-mahorobamaho-pbx_netdevancer_mobilegate_firmwareRange<1.11.00office

AND

ate-mahorobamaho-pbx_netdevancer_mobilegateMatch-office

VendorProductVersionCPE
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_vsg_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_vsg_firmware:*:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_vsg-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_vsg:-:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_mobilegate_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_mobilegate_firmware:*:*:*:*:home:*:*:*
ate-mahorobamaho-pbx_netdevancer_mobilegate-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_mobilegate:-:*:*:*:home:*:*:*
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:uni:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:uni:*:*:*
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:pro:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:pro:*:*:*

Vendor	Product	Version	CPE
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::lite:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::lite:::
ate-mahoroba	maho-pbx_netdevancer_vsg_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_vsg_firmware:::::lite:::*
ate-mahoroba	maho-pbx_netdevancer_vsg	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_vsg:-::::lite:::
ate-mahoroba	maho-pbx_netdevancer_mobilegate_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_mobilegate_firmware:::::home:::*
ate-mahoroba	maho-pbx_netdevancer_mobilegate	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_mobilegate:-::::home:::
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::uni:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::uni:::
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::pro:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::pro:::

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "vendor": "Mahoroba Kobo, Inc.",
    "product": "MAHO-PBX NetDevancer series",
    "versions": [
      {
        "version": "MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN99957889/index.html

www.ate-mahoroba.jp/netdevancer/manual/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

Related for CVE-2023-22286