Lucene search

[email protected]NVD:CVE-2023-22335

HistoryMar 06, 2023 - 12:15 a.m.

CVE-2023-22335

2023-03-0600:15:10

[email protected]

web.nvd.nist.gov

improper access control

vulnerability

remote attacker

download

arbitrary file

execute

arbitrary code

system privileges

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.004

Percentile

73.5%

JSON

Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.

Affected configurations

Nvd

Node

dos-osakarakuraku_pc_cloud_agentRange≤2.1.8

dos-osakass1Range≤13.0.0.40

VendorProductVersionCPE
dos-osakarakuraku_pc_cloud_agent*cpe:2.3:a:dos-osaka:rakuraku_pc_cloud_agent:*:*:*:*:*:*:*:*
dos-osakass1*cpe:2.3:a:dos-osaka:ss1:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dos-osaka	rakuraku_pc_cloud_agent	*	cpe:2.3:a:dos-osaka:rakuraku_pc_cloud_agent::::::::
dos-osaka	ss1	*	cpe:2.3:a:dos-osaka:ss1::::::::

References

jvn.jp/en/jp/JVN57224029/

www.dos-osaka.co.jp/news/2023/03/230301.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.004

Percentile

73.5%

JSON

Related for NVD:CVE-2023-22335

cvelist3 jvn1 cve3 prion3 nvd2