Lucene search

[email protected]NVD:CVE-2023-30261

HistoryJun 26, 2023 - 2:15 p.m.

CVE-2023-30261

2023-06-2614:15:10

CWE-78

[email protected]

web.nvd.nist.gov

command injection

openwb

vulnerability

remote attackers

arbitrary commands

crafted get request

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.

Affected configurations

Nvd

Node

openwbopenwbMatch1.6

openwbopenwbMatch1.7

VendorProductVersionCPE
openwbopenwb1.6cpe:2.3:a:openwb:openwb:1.6:*:*:*:*:*:*:*
openwbopenwb1.7cpe:2.3:a:openwb:openwb:1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openwb	openwb	1.6	cpe:2.3:a:openwb:openwb:1.6:::::::*
openwb	openwb	1.7	cpe:2.3:a:openwb:openwb:1.7:::::::*

References

eldstal.se/advisories/230329-openwb.html

github.com/snaptec/openWB/issues/2672

github.com/snaptec/openWB/pull/2673

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Related for NVD:CVE-2023-30261

prion1 cvelist1 osv1 cve1