Lucene search

[email protected]CVE-2023-28390

HistoryMay 23, 2023 - 2:15 a.m.

CVE-2023-28390

2023-05-2302:15:10

[email protected]

web.nvd.nist.gov

cve-2023-28390

privilege escalation

sr-7100vn

firmware

vulnerability

nvd

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.

Affected configurations

NVD

Node

icomsr-7100vn_firmwareRange<1.39\(n\)

AND

icomsr-7100vnMatch-

Node

icomsr-7100vn\#31_firmwareRange<1.22

AND

icomsr-7100vn\#31Match-

CPENameOperatorVersion
icom:sr-7100vn_firmwareicom sr-7100vn firmwarelt1.39\(n\)

CPE	Name	Operator	Version
icom:sr-7100vn_firmware	icom sr-7100vn firmware	lt	1.39\(n\)

CNA Affected

[
  {
    "vendor": "ICOM INCORPORATED",
    "product": "SR-7100VN",
    "versions": [
      {
        "version": "SR-7100VN firmware Ver.1.38(N) and earlier, and SR-7100VN #31 firmware Ver.1.21 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN80476232/

www.icom.co.jp/news/7239/

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-28390

nvd1 cvelist1 jvn1 prion1