Lucene search
INCDCVE-2023-24504HistoryApr 17, 2023 - 10:15 p.m.
CVE-2023-24504
2023-04-1722:15:08
INCD
web.nvd.nist.gov
17
electra
central ac
cve-2023-24504
vulnerability
unauthorized server connection
nvd
CVSS3
7.5
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0
Percentile
15.5%
Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server.
Affected configurations
Node
electra-aircentral_ac_unit_firmwareMatchv7
ORelectra-aircentral_ac_unit_firmwareMatchv8
electra-aircentral_ac_unitMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| electra-air | central_ac_unit_firmware | v7 | cpe:2.3:o:electra-air:central_ac_unit_firmware:v7:*:*:*:*:*:*:* |
| electra-air | central_ac_unit_firmware | v8 | cpe:2.3:o:electra-air:central_ac_unit_firmware:v8:*:*:*:*:*:*:* |
| electra-air | central_ac_unit | - | cpe:2.3:h:electra-air:central_ac_unit:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Electra",
"product": "Central AC unit",
"versions": [
{
"version": "Update to the latest version",
"status": "affected",
"lessThan": "V7 & V8*",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
prion
prion
Code injection
2023-04-17 22:15:00
nvd
nvd
CVE-2023-24504
2023-04-17 22:15:08
CVSS3
7.5
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.4
Confidence
High
EPSS
0
Percentile
15.5%
Related for CVE-2023-24504