Lucene search

CyberDanubeCVELIST:CVE-2023-3656

HistoryOct 03, 2023 - 7:39 a.m.

CVE-2023-3656 Unauthenticated Remote Code Execution

2023-10-0307:39:53

CWE-749

CWE-94

CyberDanube

www.cve.org

cve-2023-3656

unauthenticated

remote code execution

cashit! devices

pos/ dienstleistung

entwicklung & vertrieb gmbh

http endpoint

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.014

Percentile

86.8%

JSON

cashIT! - serving solutions. Devices from “PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH” to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "cashIT! - serving solutions.",
    "vendor": "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH",
    "versions": [
      {
        "lessThanOrEqual": "03.A06rks",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

doi.org/10.35011/ww2q-d522

www.cashit.at/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.014

Percentile

86.8%

JSON

Related for CVELIST:CVE-2023-3656