Lucene search

TwcertCVELIST:CVE-2023-48390

HistoryDec 15, 2023 - 8:55 a.m.

CVE-2023-48390 Multisuns EasyLog web+ - Command Injection

2023-12-1508:55:08

CWE-94

twcert

www.cve.org

multisuns

easylog

code injection

vulnerability

remote attacker

system operations

disrupt service

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EasyLog web+",
    "vendor": "Multisuns",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.2.8"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVELIST:CVE-2023-48390