Cisa-cgCVE-2023-4309CVE-2023-4309
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
30.0%
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| electionservicesco | internet_election_service | - | cpe:2.3:a:electionservicesco:internet_election_service:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Internet Election Service",
"vendor": "Election Services Co. (ESC)",
"versions": [
{
"lessThanOrEqual": "2023-08-12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
30.0%