Lucene search

JpcertCVE-2023-29167

HistoryJun 13, 2023 - 10:15 a.m.

CVE-2023-29167

2023-06-1310:15:10

CWE-125

jpcert

web.nvd.nist.gov

cve-2023-29167

frenic rhc loader

out-of-bound reads

vulnerability

information disclosure

code execution

nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. If a user opens a specially crafted FNE file, sensitive information on the system where the affected product is installed may be disclosed or arbitrary code may be executed.

Affected configurations

Nvd

Vulners

Node

fujielectricfrenic_rhc_loaderRange≤1.1.0.3

VendorProductVersionCPE
fujielectricfrenic_rhc_loader*cpe:2.3:a:fujielectric:frenic_rhc_loader:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fujielectric	frenic_rhc_loader	*	cpe:2.3:a:fujielectric:frenic_rhc_loader::::::::

CNA Affected

[
  {
    "vendor": "FUJI ELECTRIC CO., LTD.",
    "product": "FRENIC RHC Loader",
    "versions": [
      {
        "version": "v1.1.0.3 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

felib.fujielectric.co.jp/download/details.htm?dataid=45829407&site=global&lang=en

jvn.jp/en/vu/JVNVU97809354/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

26.0%

JSON

Related for CVE-2023-29167