Lucene search

[email protected]NVD:CVE-2023-22304

HistoryJan 17, 2023 - 10:15 a.m.

CVE-2023-22304

2023-01-1710:15:11

CWE-78

[email protected]

web.nvd.nist.gov

vulnerability

pix-rt100

command injection

network-adjacent attacker

product settings

arbitrary os command

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.6%

JSON

OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command.

Affected configurations

NVD

Node

pixelapix-rt100_firmwareMatch2.1.1_eq101

pixelapix-rt100_firmwareMatch2.1.2_eq101

AND

pixelapix-rt100Match-

References

jvn.jp/en/jp/JVN57296685/index.html

www.pixela.co.jp/products/network/pix_rt100/update.html

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2023-22304

cvelist1 cve1 prion1 jvn1