Lucene search

MitreCVE-2023-23325

HistoryNov 29, 2023 - 1:15 a.m.

CVE-2023-23325

2023-11-2901:15:07

CWE-78

mitre

web.nvd.nist.gov

zumtobel

netlink

ccd

onboard

firmware

command injection

vulnerability

cve-2023-23325

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.6%

JSON

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter.

Affected configurations

Nvd

Node

zumtobelnetlink_ccd_firmwareMatch3.80

AND

zumtobelnetlink_ccdMatch3.74

VendorProductVersionCPE
zumtobelnetlink_ccd_firmware3.80cpe:2.3:o:zumtobel:netlink_ccd_firmware:3.80:*:*:*:*:*:*:*
zumtobelnetlink_ccd3.74cpe:2.3:h:zumtobel:netlink_ccd:3.74:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zumtobel	netlink_ccd_firmware	3.80	cpe:2.3:o:zumtobel:netlink_ccd_firmware:3.80:::::::*
zumtobel	netlink_ccd	3.74	cpe:2.3:h:zumtobel:netlink_ccd:3.74:::::::*

References

zumtobel.com

yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

29.6%

JSON

Related for CVE-2023-23325