CVE-2023-3127

Date: Jul 11, 2023 - 10:15 p.m. (2023-07-11 22:15:09)
CWE: CWE-287
Source: web.nvd.nist.gov
Tags: cve-2023-3127, istar ultra, istar ultra lt, istar ultra g2, istar edge g2, unauthenticated access, admin rights

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.4 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 48.8%)

An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.

Affected configurations

NVD
Node
  johnsoncontrols istar_ultra, Match: -
  AND
  johnsoncontrols istar_ultra_firmware, Range: 6.8.6–6.9.2
  OR
  johnsoncontrols istar_ultra_firmware, Match: 6.9.2-
Node
  johnsoncontrols istar_ultra_lt, Match: -
  AND
  johnsoncontrols istar_ultra_lt_firmware, Range: 6.8.6–6.9.2
  OR
  johnsoncontrols istar_ultra_lt_firmware, Match: 6.9.2-
Node
  johnsoncontrols istar_ultra_g2, Match: -
  AND
  johnsoncontrols istar_ultra_g2_firmware, Range: <6.9.2
  OR
  johnsoncontrols istar_ultra_g2_firmware, Match: 6.9.2-
Node
  johnsoncontrols edge_g2, Match: -
  AND
  johnsoncontrols edge_g2_firmware, Range: <6.9.2
  OR
  johnsoncontrols edge_g2_firmware, Match: 6.9.2-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Ultra",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": ">6.8.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Ultra LT",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": ">6.8.6",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Ultra G2",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iSTAR Edge G2",
    "vendor": "Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.",
    "versions": [
      {
        "lessThan": "6.9.2 CU01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
