Lucene search

[email protected]CVE-2023-2379

HistoryApr 28, 2023 - 5:15 p.m.

CVE-2023-2379

2023-04-2817:15:43

CWE-404

[email protected]

web.nvd.nist.gov

cve-2023-2379

ubiquiti edgerouter x

web service

denial of service

remote attack

vdb-227655

nvd

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.

Affected configurations

Vulners

NVD

Node

uiedgerouter_xMatch2.0.9hotfix_0

uiedgerouter_xMatch2.0.9hotfix_1

uiedgerouter_xMatch2.0.9hotfix_2

uiedgerouter_xMatch2.0.9hotfix_3

uiedgerouter_xMatch2.0.9hotfix_4

uiedgerouter_xMatch2.0.9hotfix_5

uiedgerouter_xMatch2.0.9hotfix_6

VendorProductVersionCPE
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_0:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_1:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_2:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_3:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_4:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_5:*:*:*:*:*:*
uiedgerouter_x2.0.9cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_6:*:*:*:*:*:*

Vendor	Product	Version	CPE
ui	edgerouter_x	2.0.9	cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_0::::::
ui	edgerouter_x	2.0.9	cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_1::::::
ui	edgerouter_x	2.0.9	cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_2::::::
ui	edgerouter_x	2.0.9	cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_3::::::
ui	edgerouter_x	2.0.9	cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_4::::::
ui	edgerouter_x	2.0.9	cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_5::::::
ui	edgerouter_x	2.0.9	cpe:2.3:h:ui:edgerouter_x:2.0.9:hotfix_6::::::

CNA Affected

[
  {
    "vendor": "Ubiquiti",
    "product": "EdgeRouter X",
    "versions": [
      {
        "version": "2.0.9-hotfix.0",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.1",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.2",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.3",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.4",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.5",
        "status": "affected"
      },
      {
        "version": "2.0.9-hotfix.6",
        "status": "affected"
      }
    ],
    "modules": [
      "Web Service"
    ]
  }
]

References

github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS

vuldb.com/?ctiid.227655

vuldb.com/?id.227655

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

Related for CVE-2023-2379

cvelist1 prion1 nvd1