Lucene search

MitreCVE-2023-38378

HistoryJul 16, 2023 - 5:15 p.m.

CVE-2023-38378

2023-07-1617:15:09

CWE-78

mitre

web.nvd.nist.gov

rigol

mso5000

oscilloscope

firmware

remote code execution

cve-2023-38378

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.

Affected configurations

Nvd

Node

rigolmso5000_firmwareMatch00.01.03.00.03

AND

rigolmso5000Match-

VendorProductVersionCPE
rigolmso5000_firmware00.01.03.00.03cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:*:*:*:*:*:*:*
rigolmso5000-cpe:2.3:h:rigol:mso5000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rigol	mso5000_firmware	00.01.03.00.03	cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:::::::*
rigol	mso5000	-	cpe:2.3:h:rigol:mso5000:-:::::::*

References

news.ycombinator.com/item?id=36745664

tortel.li/post/insecure-scope/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

Related for CVE-2023-38378