Lucene search

[email protected]NVD:CVE-2023-38378

HistoryJul 16, 2023 - 5:15 p.m.

CVE-2023-38378

2023-07-1617:15:09

CWE-78

[email protected]

web.nvd.nist.gov

web interface

remote attackers

arbitrary code

shell metacharacters

webcontrol

changepwd.cgi

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

81.5%

JSON

The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.

Affected configurations

Nvd

Node

rigolmso5000_firmwareMatch00.01.03.00.03

AND

rigolmso5000Match-

VendorProductVersionCPE
rigolmso5000_firmware00.01.03.00.03cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:*:*:*:*:*:*:*
rigolmso5000-cpe:2.3:h:rigol:mso5000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rigol	mso5000_firmware	00.01.03.00.03	cpe:2.3:o:rigol:mso5000_firmware:00.01.03.00.03:::::::*
rigol	mso5000	-	cpe:2.3:h:rigol:mso5000:-:::::::*

References

news.ycombinator.com/item?id=36745664

tortel.li/post/insecure-scope/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.008

Percentile

81.5%

JSON

Related for NVD:CVE-2023-38378

cve1 prion1 cvelist1