Lucene search

[email protected]CVE-2023-25909

HistoryMar 27, 2023 - 4:15 a.m.

CVE-2023-25909

2023-03-2704:15:10

CWE-434

[email protected]

web.nvd.nist.gov

cve-2023-25909

hgiga oaklouds

file upload vulnerability

remote code execution

unauthenticated access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.

Affected configurations

NVD

Node

hgigaoaklouds_portalRange2.0–2.0-10

hgigaoaklouds_portalRange3.0–3.0-10

CPENameOperatorVersion
hgiga:oaklouds_portalhgiga oaklouds portallt2.0-10
hgiga:oaklouds_portalhgiga oaklouds portallt3.0-10

CPE	Name	Operator	Version
hgiga:oaklouds_portal	hgiga oaklouds portal	lt	2.0-10
hgiga:oaklouds_portal	hgiga oaklouds portal	lt	3.0-10

CNA Affected

[
  {
    "vendor": "HGIGA INC.",
    "product": "HGiga OAKlouds",
    "versions": [
      {
        "version": "2",
        "status": "affected"
      },
      {
        "version": "3",
        "status": "affected"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6973-45872-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVE-2023-25909

cvelist1 nvd1 prion1