Lucene search

[email protected]CVE-2023-41966

HistoryOct 26, 2023 - 5:15 p.m.

CVE-2023-41966

2023-10-2617:15:08

CWE-267

CWE-269

[email protected]

web.nvd.nist.gov

cve-2023-41966

privilege escalation

application security

http post

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.5%

JSON

The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.

Affected configurations

NVD

Node

sielcoanalog_fm_transmitter_exc5000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc5000gxMatch2.12

Node

sielcoanalog_fm_transmitter_exc120gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc120gxMatch2.12

Node

sielcoanalog_fm_transmitter_exc300gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc300gxMatch2.11

Node

sielcoanalog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1600gxMatch2.10

Node

sielcoanalog_fm_transmitter_exc2000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc2000gxMatch2.10

Node

sielcoanalog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1600gxMatch2.08

Node

sielcoanalog_fm_transmitter_exc1000gxMatch2.08

AND

sielcoanalog_fm_transmitter_exc1000gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc3000gxMatch2.07

AND

sielcoanalog_fm_transmitter_exc3000gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc5000gxMatch2.06

AND

sielcoanalog_fm_transmitter_exc5000gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc30gtMatch1.7.7

AND

sielcoanalog_fm_transmitter_exc30gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc300gtMatch1.7.4

AND

sielcoanalog_fm_transmitter_exc300gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc100gtMatch1.7.4

AND

sielcoanalog_fm_transmitter_exc100gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc5000gtMatch1.7.4

AND

sielcoanalog_fm_transmitter_exc5000gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc1000gtMatch1.6.3

AND

sielcoanalog_fm_transmitter_exc1000gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc120gtMatch1.5.4

AND

sielcoanalog_fm_transmitter_exc120gt_firmwareMatch-

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match2.06

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match2.05

Node

sielcoradio_link_exc19_firmwareMatch-

AND

sielcoradio_link_exc19Match2.00

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match1.60

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match1.59

Node

sielcoradio_link_exc19_firmwareMatch-

AND

sielcoradio_link_exc19Match1.55

CPENameOperatorVersion
sielco:analog_fm_transmitter_exc5000gx_firmwaresielco analog fm transmitter exc5000gx firmwareeq-

CPE	Name	Operator	Version
sielco:analog_fm_transmitter_exc5000gx_firmware	sielco analog fm transmitter exc5000gx firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Analog FM transmitter",
    "vendor": "Sielco",
    "versions": [
      {
        "status": "affected",
        "version": "2.12 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "2.12 (EXC120GX)"
      },
      {
        "status": "affected",
        "version": "2.11 (EXC300GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC2000GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1000GX)"
      },
      {
        "status": "affected",
        "version": "2.07 (EXC3000GX)"
      },
      {
        "status": "affected",
        "version": "2.06 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "1.7.7 (EXC30GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC300GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC100GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC5000GT)"
      },
      {
        "status": "affected",
        "version": "1.6.3 (EXC1000GT)"
      },
      {
        "status": "affected",
        "version": "1.5.4 (EXC120GT)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Radio Link",
    "vendor": "Sielco ",
    "versions": [
      {
        "status": "affected",
        "version": "2.06 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.05 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.00 (EXC19)"
      },
      {
        "status": "affected",
        "version": "1.60 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.59 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.55 (EXC19)"
      }
    ]
  }
]