Lucene search

IcscertCVELIST:CVE-2023-31193

HistoryMay 22, 2023 - 7:28 p.m.

CVE-2023-31193

2023-05-2219:28:43

CWE-319

icscert

www.cve.org

snap one

ovrc pro

vulnerability

http

download

exploitation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OvrC Cloud",
    "vendor": "Snap One",
    "versions": [
      {
        "lessThan": "7.3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVELIST:CVE-2023-31193