Lucene search

[email protected]CVE-2023-25914

HistoryAug 21, 2023 - 9:15 p.m.

CVE-2023-25914

2023-08-2121:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve

2023

25914

improper restriction

attackers

system files

xml interface

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

38.4%

JSON

Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.

CPENameOperatorVersion
danfoss:ak-sm_800a_firmwaredanfoss ak-sm 800a firmwarele3.3
danfoss:ak-sm_800a_firmwaredanfoss ak-sm 800a firmwareeq-
danfoss:ak-sm_800a_firmwaredanfoss ak-sm 800a firmwareeq3.3

CPE	Name	Operator	Version
danfoss:ak-sm_800a_firmware	danfoss ak-sm 800a firmware	le	3.3
danfoss:ak-sm_800a_firmware	danfoss ak-sm 800a firmware	eq	-
danfoss:ak-sm_800a_firmware	danfoss ak-sm 800a firmware	eq	3.3

References

csirt.divd.nl/CVE-2023-25914

csirt.divd.nl/DIVD-2023-00025

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

38.4%

JSON

Related for CVE-2023-25914

cvelist1 prion1