Lucene search

[email protected]CVE-2023-41356

HistoryNov 03, 2023 - 7:15 a.m.

CVE-2023-41356

2023-11-0307:15:14

CWE-639

[email protected]

web.nvd.nist.gov

ncsist

manageengine

mobile device manager

mdm

path traversal

vulnerability

authentication bypass

system files

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

NCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.

Affected configurations

NVD

Node

wisdomgardentronclass_ilearnMatch1.62.41849hotfix-v1-62-84ccf1a5

CPENameOperatorVersion
wisdomgarden:tronclass_ilearnwisdomgarden tronclass ilearneq1.62.41849

CPE	Name	Operator	Version
wisdomgarden:tronclass_ilearn	wisdomgarden tronclass ilearn	eq	1.62.41849

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Tronclass ilearn",
    "vendor": "WisdomGarden",
    "versions": [
      {
        "status": "affected",
        "version": "V1.4 2021/09/14"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

Related for CVE-2023-41356

cvelist1 nvd1 prion1