Lucene search

[email protected]CVE-2023-4659

HistoryOct 02, 2023 - 3:15 p.m.

CVE-2023-4659

2023-10-0215:15:15

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-4659

cross-site request forgery

csrf

exploitation

security vulnerability

administrator

token

remote user

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to “admin”. It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.

Affected configurations

Vulners

NVD

Node

free5gcfree5gcRange≤1.1.1

VendorProductVersionCPE
free5gcfree5gc*cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
free5gc	free5gc	*	cpe:2.3:a:free5gc:free5gc::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Open5Gc",
    "vendor": "Free5Gc",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.1"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVE-2023-4659

nvd1 cvelist1 prion1