Lucene search

TenableCVELIST:CVE-2023-7163

HistoryDec 28, 2023 - 3:37 p.m.

CVE-2023-7163 D-Link D-View 8 Unauthenticated Probe-Core Server Communication

2023-12-2815:37:35

CWE-20

tenable

www.cve.org

cve-2023-7163

d-link d-view 8

unauthenticated

probe-core

server communication

manipulate

disclosure

denial of service

execution

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the execution of tasks on other probes.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "D-View 8",
    "vendor": "D-Link",
    "versions": [
      {
        "lessThanOrEqual": "2.0.2.89",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

tenable.com/security/research/tra-2023-43

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVELIST:CVE-2023-7163