Lucene search

MitreCVE-2023-24294

HistoryNov 29, 2023 - 1:15 a.m.

CVE-2023-24294

2023-11-2901:15:07

CWE-120

mitre

web.nvd.nist.gov

zumtobel

netlink ccd

firmware

buffer overflow

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.

Affected configurations

Nvd

Node

zumtobelnetlink_ccdMatch3.74

AND

zumtobelnetlink_ccd_firmwareMatch3.80

VendorProductVersionCPE
zumtobelnetlink_ccd3.74cpe:2.3:h:zumtobel:netlink_ccd:3.74:*:*:*:*:*:*:*
zumtobelnetlink_ccd_firmware3.80cpe:2.3:o:zumtobel:netlink_ccd_firmware:3.80:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zumtobel	netlink_ccd	3.74	cpe:2.3:h:zumtobel:netlink_ccd:3.74:::::::*
zumtobel	netlink_ccd_firmware	3.80	cpe:2.3:o:zumtobel:netlink_ccd_firmware:3.80:::::::*

References

zumtobel.com

yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

17.0%

JSON

Related for CVE-2023-24294