Lucene search

[email protected]NVD:CVE-2023-34217

HistoryAug 17, 2023 - 7:15 a.m.

CVE-2023-34217

2023-08-1707:15:43

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-34217

command-injection

input validation

certificate-delete

arbitrary files

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.

Affected configurations

NVD

Node

moxatn-5900_firmwareRange≤3.3

AND

moxatn-5900Match-

Node

moxatn-4900_firmwareRange≤1.2.4

AND

moxatn-4900Match-

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

Related for NVD:CVE-2023-34217

cvelist1 cve1 prion1 cnvd1