Lucene search

[email protected]CVE-2023-3103

HistoryNov 22, 2023 - 12:15 p.m.

CVE-2023-3103

2023-11-2212:15:22

CWE-290

[email protected]

web.nvd.nist.gov

cve

2023

3103

authentication

bypass

vulnerability

mitm

dos

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

15.2%

JSON

Authentication bypass vulnerability, the exploitation of which could allow a local attacker to perform a Man-in-the-Middle (MITM) attack on the robot’s camera video stream. In addition, if a MITM attack is carried out, it is possible to consume the robot’s resources, which could lead to a denial-of-service (DOS) condition.

CPENameOperatorVersion
unitree:a1_firmwareunitree a1 firmwareeq-

CPE	Name	Operator	Version
unitree:a1_firmware	unitree a1 firmware	eq	-

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-unitree-robotics-a1

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

15.2%

JSON

Related for CVE-2023-3103

prion1 cvelist1