Lucene search

[email protected]CVE-2023-3373

HistoryAug 04, 2023 - 12:15 a.m.

CVE-2023-3373

2023-08-0400:15:14

CWE-342

CWE-330

[email protected]

web.nvd.nist.gov

mitsubishi electric

got2000

gt21

got simple

gs21

vulnerability

session hijacking

dos

ftp server

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.

Affected configurations

NVD

Node

mitsubishielectricgt21_firmwareRange<01.50.000

AND

mitsubishielectricgt21Match-

Node

mitsubishielectricgs21_firmwareRange<01.50.000

AND

mitsubishielectricgs21Match-

CPENameOperatorVersion
mitsubishielectric:gt21_firmwaremitsubishielectric gt21 firmwarelt01.50.000

CPE	Name	Operator	Version
mitsubishielectric:gt21_firmware	mitsubishielectric gt21 firmware	lt	01.50.000

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GOT2000 Series GT21 model",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "01.49.000 and prior"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "GOT SIMPLE Series GS21 model",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "01.49.000 and prior"
      }
    ]
  }
]