Lucene search

[email protected]CVE-2023-23295

HistoryFeb 23, 2023 - 11:15 p.m.

CVE-2023-23295

2023-02-2323:15:10

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-23295

korenix

jetwave

command injection

vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.

Affected configurations

NVD

Node

korenixjetwave_2212g_firmwareMatch1.3.t

AND

korenixjetwave_2212gMatch-

Node

korenixjetwave_2212xMatch-

AND

korenixjetwave_2212x_firmwareMatch1.3.0

Node

korenixjetwave_2212sMatch-

AND

korenixjetwave_2212s_firmwareMatch1.3.0

Node

korenixjetwave_2211cMatch-

AND

korenixjetwave_2211c_firmwareRange<1.6

Node

korenixjetwave_2411Match-

AND

korenixjetwave_2411_firmwareRange<1.5

Node

korenixjetwave_2111Match-

AND

korenixjetwave_2111_firmwareRange<1.5

Node

korenixjetwave_2411lMatch-

AND

korenixjetwave_2411l_firmwareRange<1.6

Node

korenixjetwave_2111lMatch-

AND

korenixjetwave_2111l_firmwareRange<1.6

Node

korenixjetwave_2414Match-

AND

korenixjetwave_2414_firmwareRange<1.4

Node

korenixjetwave_2114Match-

AND

korenixjetwave_2114_firmwareRange<1.4

Node

korenixjetwave_2414Match-

AND

korenixjetwave_2424_firmwareRange<1.3

Node

korenixjetwave_2460Match-

AND

korenixjetwave_2460_firmwareRange<1.6

Node

korenixjetwave_4221hp-e__firmwareRange≤1.3.0

AND

korenixjetwave_4221hp-eMatch-

Node

korenixjetwave_3220_v3__firmwareRange<1.7

AND

korenixjetwave_3220_v3Match-

Node

korenixjetwave_3420_v3__firmwareRange<1.7

AND

korenixjetwave_3420_v3Match-

CPENameOperatorVersion
korenix:jetwave_2212g_firmwarekorenix jetwave 2212g firmwareeq1.3.t

CPE	Name	Operator	Version
korenix:jetwave_2212g_firmware	korenix jetwave 2212g firmware	eq	1.3.t

References

cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetwave-series/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2023-23295

cvelist1 prion1 nvd1 ics1