Lucene search

K
cvelistIcscertCVELIST:CVE-2023-31193
HistoryMay 22, 2023 - 7:28 p.m.

CVE-2023-31193

2023-05-2219:28:43
CWE-319
icscert
www.cve.org
snap one
ovrc pro
vulnerability
http
download
exploitation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OvrC Cloud",
    "vendor": "Snap One",
    "versions": [
      {
        "lessThan": "7.3",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

Related for CVELIST:CVE-2023-31193