Lucene search

INCIBECVELIST:CVE-2023-4659

HistoryOct 02, 2023 - 2:05 p.m.

CVE-2023-4659 Cross-Site Request Forgery in Free5Gc

2023-10-0214:05:20

CWE-352

INCIBE

www.cve.org

cve-2023-4659

cross-site request forgery

free5gc

unauthorized actions

administrator

post

get

delete requests

unprivileged

user modification

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to “admin”. It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Open5Gc",
    "vendor": "Free5Gc",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.1"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVELIST:CVE-2023-4659