Lucene search

INCDCVE-2023-24500

HistoryApr 17, 2023 - 10:15 p.m.

CVE-2023-24500

2023-04-1722:15:08

INCD

web.nvd.nist.gov

electra

central ac

unauthorized fw

nvd

cve-2023-24500

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

Electra Central AC unit – Adjacent attacker may cause the unit to load unauthorized FW.

Affected configurations

Nvd

Node

electra-aircentral_ac_unitMatch-

AND

electra-aircentral_ac_unit_firmwareMatchv7

electra-aircentral_ac_unit_firmwareMatchv8

VendorProductVersionCPE
electra-aircentral_ac_unit-cpe:2.3:h:electra-air:central_ac_unit:-:*:*:*:*:*:*:*
electra-aircentral_ac_unit_firmwarev7cpe:2.3:o:electra-air:central_ac_unit_firmware:v7:*:*:*:*:*:*:*
electra-aircentral_ac_unit_firmwarev8cpe:2.3:o:electra-air:central_ac_unit_firmware:v8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
electra-air	central_ac_unit	-	cpe:2.3:h:electra-air:central_ac_unit:-:::::::*
electra-air	central_ac_unit_firmware	v7	cpe:2.3:o:electra-air:central_ac_unit_firmware:v7:::::::*
electra-air	central_ac_unit_firmware	v8	cpe:2.3:o:electra-air:central_ac_unit_firmware:v8:::::::*

CNA Affected

[
  {
    "vendor": "Electra",
    "product": "Electra Central AC unit",
    "versions": [
      {
        "version": "Update to the latest version",
        "status": "affected"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2023-24500