Lucene search

TwcertCVE-2023-35850

HistorySep 18, 2023 - 3:15 a.m.

CVE-2023-35850

2023-09-1803:15:07

CWE-78

twcert

web.nvd.nist.gov

cve-2023-35850

sunnet

wmpro

portal

file management

vulnerability

remote attacker

administrator privilege

arbitrary system commands

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

54.8%

JSON

SUNNET WMPro portal’s file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service.

Affected configurations

Nvd

Node

sun.netwmproMatch5.0

VendorProductVersionCPE
sun.netwmpro5.0cpe:2.3:a:sun.net:wmpro:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun.net	wmpro	5.0	cpe:2.3:a:sun.net:wmpro:5.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WMPro",
    "vendor": "SUNNET",
    "versions": [
      {
        "status": "affected",
        "version": "V5"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7373-4ef46-1.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

54.8%

JSON

Related for CVE-2023-35850