Lucene search

BoschCVELIST:CVE-2023-34999

HistorySep 18, 2023 - 10:16 a.m.

CVE-2023-34999

2023-09-1810:16:14

bosch

www.cve.org

cve-2023-34999

rts vlink virtual matrix software

command injection

arbitrary code execution

admin web interface

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

22.9%

JSON

A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.

CNA Affected

[
  {
    "vendor": "RTS",
    "product": "VLink Virtual Matrix Software",
    "platforms": [
      "Windows"
    ],
    "versions": [
      {
        "version": "5.0.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "5.7.6"
      },
      {
        "version": "6.0.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "6.5.0"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVELIST:CVE-2023-34999