Lucene search

[email protected]NVD:CVE-2023-2378

HistoryApr 28, 2023 - 4:15 p.m.

CVE-2023-2378

2023-04-2816:15:10

CWE-77

[email protected]

web.nvd.nist.gov

ubiquiti

edgerouter

critical

web management interface

command injection

remote attack

exploit

vdb-227654

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.

Affected configurations

Nvd

Node

uier-x_firmwareRange<2.0.9

uier-x_firmwareMatch2.0.9-

uier-x_firmwareMatch2.0.9hotfix2

uier-x_firmwareMatch2.0.9hotfix3

uier-x_firmwareMatch2.0.9hotfix4

uier-x_firmwareMatch2.0.9hotfix5

uier-x_firmwareMatch2.0.9hotfix6

AND

uier-xMatch-

Node

uier-x-sfp_firmwareRange<2.0.9

uier-x-sfp_firmwareMatch2.0.9-

uier-x-sfp_firmwareMatch2.0.9hotfix2

uier-x-sfp_firmwareMatch2.0.9hotfix3

uier-x-sfp_firmwareMatch2.0.9hotfix4

uier-x-sfp_firmwareMatch2.0.9hotfix5

uier-x-sfp_firmwareMatch2.0.9hotfix6

AND

uier-x-sfpMatch-

VendorProductVersionCPE
uier-x_firmware*cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*
uier-x_firmware2.0.9cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*
uier-x_firmware2.0.9cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*
uier-x_firmware2.0.9cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*
uier-x_firmware2.0.9cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*
uier-x_firmware2.0.9cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*
uier-x_firmware2.0.9cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*
uier-x-cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*
uier-x-sfp_firmware*cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*
uier-x-sfp_firmware2.0.9cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
ui	er-x_firmware	*	cpe:2.3:o:ui:er-x_firmware::::::::
ui	er-x_firmware	2.0.9	cpe:2.3:o:ui:er-x_firmware:2.0.9:-::::::
ui	er-x_firmware	2.0.9	cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2::::::
ui	er-x_firmware	2.0.9	cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3::::::
ui	er-x_firmware	2.0.9	cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4::::::
ui	er-x_firmware	2.0.9	cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5::::::
ui	er-x_firmware	2.0.9	cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6::::::
ui	er-x	-	cpe:2.3:h:ui:er-x:-:::::::*
ui	er-x-sfp_firmware	*	cpe:2.3:o:ui:er-x-sfp_firmware::::::::
ui	er-x-sfp_firmware	2.0.9	cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-::::::

Rows per page:

1-10 of 161

References

github.com/leetsun/IoT/tree/main/EdgeRouterX/CI/4

vuldb.com/?ctiid.227654

vuldb.com/?id.227654

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Related for NVD:CVE-2023-2378

cvelist1 prion1 cve1