Lucene search

[email protected]NVD:CVE-2023-29152

HistoryJun 07, 2023 - 10:15 p.m.

CVE-2023-29152

2023-06-0722:15:09

CWE-285

[email protected]

web.nvd.nist.gov

filename parameter

request

file deletion

vuforia server

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

By changing the filename parameter in the request, an attacker could
delete any file with the permissions of the Vuforia server account.

Affected configurations

Nvd

Node

ptcvuforia_studioRange<9.9

VendorProductVersionCPE
ptcvuforia_studio*cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ptc	vuforia_studio	*	cpe:2.3:a:ptc:vuforia_studio::::::::

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13

www.cisa.gov/news-events/ics-advisories/icsa-23-131-13

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for NVD:CVE-2023-29152

cve1 prion1 cvelist1 ics1