Lucene search

[email protected]NVD:CVE-2023-31245

HistoryMay 22, 2023 - 8:15 p.m.

CVE-2023-31245

2023-05-2220:15:10

CWE-601

[email protected]

web.nvd.nist.gov

devices

snap one ovrc cloud

vulnerability

web management interface

impersonation

redirection

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

Affected configurations

NVD

Node

snaponeorvcRange<7.3.0pro

AND

control4ca-1Match-

control4ca-10Match-

control4ea-1Match-

control4ea-3Match-

control4ea-5Match-

snaponean-110-rt-2l1wMatch-

snaponean-110-rt-2l1w-wifiMatch-

snaponean-310-rt-4l2wMatch-

snaponeovrc-300-proMatch-

snaponepakedge_rk-1Match-

snaponepakedge_rt-3100Match-

snaponepakedge_wr-1Match-

References

www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.8%

JSON

Related for NVD:CVE-2023-31245

cvelist1 cve1 prion1 ics1