Lucene search

TwcertCVELIST:CVE-2023-25909

HistoryMar 27, 2023 - 12:00 a.m.

CVE-2023-25909 HGiga Inc. OAKlouds - Arbitrary File Upload

2023-03-2700:00:00

CWE-434

twcert

www.cve.org

cve-2023-25909

hgiga inc

oaklouds

arbitrary file upload

unauthenticated remote attacker

executable files

disrupt service

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.

CNA Affected

[
  {
    "vendor": "HGIGA INC.",
    "product": "HGiga OAKlouds",
    "versions": [
      {
        "version": "2",
        "status": "affected"
      },
      {
        "version": "3",
        "status": "affected"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-6973-45872-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVELIST:CVE-2023-25909