Lucene search

MitreCVE-2023-29711

HistoryJun 22, 2023 - 12:15 p.m.

CVE-2023-29711

2023-06-2212:15:11

mitre

web.nvd.nist.gov

cve-2023-29711

incorrect access control

interlink psg-5124

arbitrary code execution

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.

Affected configurations

Nvd

Node

interlinkpsg-5124_firmwareMatch1.0.4

AND

interlinkpsg-5124Match-

VendorProductVersionCPE
interlinkpsg-5124_firmware1.0.4cpe:2.3:o:interlink:psg-5124_firmware:1.0.4:*:*:*:*:*:*:*
interlinkpsg-5124-cpe:2.3:h:interlink:psg-5124:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
interlink	psg-5124_firmware	1.0.4	cpe:2.3:o:interlink:psg-5124_firmware:1.0.4:::::::*
interlink	psg-5124	-	cpe:2.3:h:interlink:psg-5124:-:::::::*

References

github.com/shellpei/LINK-Unauthorized/blob/main/CVE-2023-29711

holistic-height-e6d.notion.site/LINK-PSG-5124-Switch-remote-command-vulnerability-da4fd8fb450d42879b07ef3a953a2366

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Related for CVE-2023-29711