Lucene search

K
cve[email protected]CVE-2023-2379
HistoryApr 28, 2023 - 5:15 p.m.

CVE-2023-2379

2023-04-2817:15:43
CWE-404
web.nvd.nist.gov
27
cve-2023-2379
ubiquiti edgerouter x
web service
denial of service
remote attack
vdb-227655
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

31.6%

A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.

Affected configurations

Vulners
NVD
Node
uiedgerouter_xMatch2.0.9hotfix_0
OR
uiedgerouter_xMatch2.0.9hotfix_1
OR
uiedgerouter_xMatch2.0.9hotfix_2
OR
uiedgerouter_xMatch2.0.9hotfix_3
OR
uiedgerouter_xMatch2.0.9hotfix_4
OR
uiedgerouter_xMatch2.0.9hotfix_5
OR
uiedgerouter_xMatch2.0.9hotfix_6
VendorProductVersionCPE
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_0:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_1:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_2:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_3:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_4:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_5:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_6:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Ubiquiti",
    "product": "EdgeRouter X",
    "versions": [
      {
        "version": "2.0.9-hotfix.0",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.1",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.2",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.3",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.4",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.5",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.6",
        "status": "affected"
      }
    ],
    "modules": [
      "Web Service"
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

31.6%

Related for CVE-2023-2379