Lucene search

[email protected]NVD:CVE-2023-3643

HistoryJul 12, 2023 - 6:15 p.m.

CVE-2023-3643

2023-07-1218:15:09

CWE-73

[email protected]

web.nvd.nist.gov

vulnerability

boss mini

file inclusion

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.9%

JSON

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.

Affected configurations

NVD

Node

carelboss_mini_firmwareMatch1.4.0build_6221

AND

carelboss_miniMatch-

References

drive.google.com/file/d/1RXmDUAjqZvWSvHUrfRerz7My6M3KX7YG/view

vuldb.com/?ctiid.233889

vuldb.com/?id.233889

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.9%

JSON

Related for NVD:CVE-2023-3643

zdt1 packetstorm1 exploitdb1 cve1 prion1 cvelist1 ics1