Lucene search

[email protected]NVD:CVE-2023-32615

HistorySep 05, 2023 - 5:15 p.m.

CVE-2023-32615

2023-09-0517:15:08

CWE-73

CWE-610

[email protected]

web.nvd.nist.gov

file write vulnerability

oas engine

configuration functionality

open automation software

arbitrary file creation

arbitrary file overwrite

network requests

attacker

sequence of requests

trigger vulnerability

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

15.9%

JSON

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

Affected configurations

NVD

Node

openautomationsoftwareoas_platformMatch18.00.0072

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1771

www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

15.9%

JSON

Related for NVD:CVE-2023-32615

prion1 cve1 cvelist1 talos1 talosblog2