Japan Vulnerability NotesJVN:19748237JVN#19748237: Multiple vulnerabilities in Panasonic AiSEG2
9.6 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.9%
Panasonic AiSEG2 contains multiple vulnerabilities listed below.
OS Command Injection (CWE-78) - CVE-2023-28726
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Base Score: 7.5 |
| CVSS v2 | AV:N/AC:H/Au:S/C:C/I:C/A:C | Base Score: 7.1 |
Improper Authentication (CWE-287) - CVE-2023-28727
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Base Score: 9.6 |
| CVSS v2 | AV:A/AC:L/Au:N/C:P/I:P/A:P | Base Score: 5.8 |
Impact
- A remote attacker who can login to the product may execute an arbitrary OS command - CVE-2023-28726
- A network-adjacent attacker may bypass authentication for the product - CVE-2023-28727
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Products Affected
CVE-2023-28726
-
AiSEG2 firmware Ver. 2.80F to 2.93A
CVE-2023-28727 -
AiSEG2 firmware Ver. 2.00J to 2.93A
Related
9.6 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.9%