Lucene search

JpcertCVE-2023-22296

HistoryJan 17, 2023 - 10:15 a.m.

CVE-2023-22296

2023-01-1710:15:11

CWE-79

jpcert

web.nvd.nist.gov

cve-2023-22296

cross-site scripting

vulnerability

maho-pbx netdevancer

remote attacker

unauthenticated

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

51.2%

JSON

Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to inject an arbitrary script.

Affected configurations

Nvd

Vulners

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00lite

AND

ate-mahorobamaho-pbx_netdevancerMatch-lite

Node

ate-mahorobamaho-pbx_netdevancer_vsg_firmwareRange<1.11.00lite

AND

ate-mahorobamaho-pbx_netdevancer_vsgMatch-lite

Node

ate-mahorobamaho-pbx_netdevancer_mobilegate_firmwareRange<1.11.00home

AND

ate-mahorobamaho-pbx_netdevancer_mobilegateMatch-home

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00uni

AND

ate-mahorobamaho-pbx_netdevancerMatch-uni

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00pro

AND

ate-mahorobamaho-pbx_netdevancerMatch-pro

Node

ate-mahorobamaho-pbx_netdevancer_firmwareRange<1.11.00cloud

AND

ate-mahorobamaho-pbx_netdevancerMatch-cloud

Node

ate-mahorobamaho-pbx_netdevancer_vsg_firmwareRange<1.11.00uni

AND

ate-mahorobamaho-pbx_netdevancer_vsgMatch-uni

Node

ate-mahorobamaho-pbx_netdevancer_mobilegate_firmwareRange<1.11.00office

AND

ate-mahorobamaho-pbx_netdevancer_mobilegateMatch-office

VendorProductVersionCPE
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_vsg_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_vsg_firmware:*:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_vsg-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_vsg:-:*:*:*:lite:*:*:*
ate-mahorobamaho-pbx_netdevancer_mobilegate_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_mobilegate_firmware:*:*:*:*:home:*:*:*
ate-mahorobamaho-pbx_netdevancer_mobilegate-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_mobilegate:-:*:*:*:home:*:*:*
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:uni:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:uni:*:*:*
ate-mahorobamaho-pbx_netdevancer_firmware*cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:*:*:*:*:pro:*:*:*
ate-mahorobamaho-pbx_netdevancer-cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-:*:*:*:pro:*:*:*

Vendor	Product	Version	CPE
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::lite:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::lite:::
ate-mahoroba	maho-pbx_netdevancer_vsg_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_vsg_firmware:::::lite:::*
ate-mahoroba	maho-pbx_netdevancer_vsg	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_vsg:-::::lite:::
ate-mahoroba	maho-pbx_netdevancer_mobilegate_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_mobilegate_firmware:::::home:::*
ate-mahoroba	maho-pbx_netdevancer_mobilegate	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer_mobilegate:-::::home:::
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::uni:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::uni:::
ate-mahoroba	maho-pbx_netdevancer_firmware	*	cpe:2.3:o:ate-mahoroba:maho-pbx_netdevancer_firmware:::::pro:::*
ate-mahoroba	maho-pbx_netdevancer	-	cpe:2.3:h:ate-mahoroba:maho-pbx_netdevancer:-::::pro:::

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "vendor": "Mahoroba Kobo, Inc.",
    "product": "MAHO-PBX NetDevancer series",
    "versions": [
      {
        "version": "MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN99957889/index.html

www.ate-mahoroba.jp/netdevancer/manual/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

51.2%

JSON

Related for CVE-2023-22296