Lucene search
IcscertCVELIST:CVE-2023-0351HistoryMar 13, 2023 - 8:22 p.m.
CVE-2023-0351 CVE-2023-0351
2023-03-1320:22:01
icscert
www.cve.org
6
akuvox e11
web server
command injection
phone-book contacts
file uploads
executable commands
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.001
Percentile
34.7%
The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions.
CNA Affected
[
{
"vendor": "Akuvox",
"product": "E11",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
]Related
nvd
nvd
CVE-2023-0351
2023-03-13 21:15:13
cve
cve
CVE-2023-0351
2023-03-13 21:15:13
prion
prion
Command injection
2023-03-13 21:15:00
ics
ics
Akuvox E11
2023-03-09 12:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0.001
Percentile
34.7%
Related for CVELIST:CVE-2023-0351