Lucene search
HistoryJun 26, 2023 - 7:15 p.m.
CVE-2023-36252
ateme flamingo
xl
xs
remote code execution
denial of service
cve-2023-36252
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.6%
An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via a the session expiration function.
Affected configurations
Node
atemeflamingo_xl_firmwareMatch3.6.20
atemeflamingo_xlMatch-
Node
atemeflamingo_xs_firmwareMatch3.6.5
atemeflamingo_xsMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| ateme:flamingo_xl_firmware | ateme flamingo xl firmware | eq | 3.6.20 |
References
Related
prion
prion
Session fixation
2023-06-26 19:15:00
zeroscience
zeroscience
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution
2023-06-11 00:00:00
Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution
2023-06-11 00:00:00
cvelist
cvelist
CVE-2023-36252
2023-06-26 00:00:00
nvd
nvd
CVE-2023-36252
2023-06-26 19:15:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.6%
Related for CVE-2023-36252