History: Aug 17, 2023 - 6:35 a.m.

CVE-2023-34215 Second Order Command-injection Vulnerability in the Certificate-generation Function

2023-08-17 06:35:06
CWE-77
Moxa
www.cve.org
cve-2023-34215
second order command-injection
vulnerability
certificate-generation
function
tn-5900 series firmware
remote code execution

CVSS3: 7.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 10 High
Confidence: High

EPSS: 0.001 Low
Percentile: 47.9%

TN-5900 Series firmware versions v3.3 and prior are vulnerable to a command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TN-5900 Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "3.3",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]
