Japan Vulnerability NotesJVN:80476232JVN#80476232: SR-7100VN vulnerable to privilege escalation
6.8 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
SR-7100VN provided by ICOM INCORPORATED contains a privilege escalation vulnerability (CWE-268).
Impact
A user with an administrator privilege of the product may obtain administrative privileges of the OS (Operating System). As a result, an arbitrary OS command may be executed by the user.
Solution
Update the Firmware
Update the firmware according to the information provided by the developer.
The developer states that the vulnerability was fixed in the following versions:
- SR-7100VN firmware Ver.1.39(N)
- SR-7100VN #31 firmware Ver.1.22
Products Affected
- SR-7100VN firmware Ver.1.38(N) and earlier
- SR-7100VN #31 firmware Ver.1.21 and earlier
Related
6.8 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%