CVE-2023-37569

2023-08-0809:15:10

CWE-78

CERT-In

web.nvd.nist.gov

cve

2023

37569

esds emagic

data center

management suit

input sanitization

remote code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.01

Percentile

84.0%

JSON

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

Affected configurations

Nvd

Node

esds.coemagic_data_center_managementRange≤6.0

VendorProductVersionCPE
esds.coemagic_data_center_management*cpe:2.3:a:esds.co:emagic_data_center_management:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
esds.co	emagic_data_center_management	*	cpe:2.3:a:esds.co:emagic_data_center_management::::::::

CNA Affected

[
  {
    "vendor": "ESDS",
    "product": "Emagic Data Center Management Suite",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "V6.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]