Lucene search

CyberDanubeCVE-2023-3654

HistoryOct 03, 2023 - 9:15 a.m.

CVE-2023-3654

2023-10-0309:15:10

CWE-346

CyberDanube

web.nvd.nist.gov

cashit

pos devices

origin bypass

vulnerability

http endpoint

network security

nvd

cve-2023-3654

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

cashIT! - serving solutions. Devices from “PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH” to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network.

Affected configurations

Nvd

Node

cashitcashit\!Range≤03.a06rks_2023.02.37

VendorProductVersionCPE
cashitcashit\!*cpe:2.3:a:cashit:cashit\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cashit	cashit\!	*	cpe:2.3:a:cashit:cashit\!::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "cashIT! - serving solutions.",
    "vendor": "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH",
    "versions": [
      {
        "lessThanOrEqual": "03.A06rks 2023.02.37",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

doi.org/10.35011/ww2q-d522

www.cashit.at/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

Related for CVE-2023-3654