Lucene search

[email protected]NVD:CVE-2023-41966

HistoryOct 26, 2023 - 5:15 p.m.

CVE-2023-41966

2023-10-2617:15:08

CWE-269

CWE-267

[email protected]

web.nvd.nist.gov

application security

privilege escalation

http post

cve-2023-41966

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

The application suffers from a privilege escalation vulnerability. A
user with read permissions can elevate privileges by sending a HTTP POST
to set a parameter.

Affected configurations

NVD

Node

sielcoanalog_fm_transmitter_exc5000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc5000gxMatch2.12

Node

sielcoanalog_fm_transmitter_exc120gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc120gxMatch2.12

Node

sielcoanalog_fm_transmitter_exc300gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc300gxMatch2.11

Node

sielcoanalog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1600gxMatch2.10

Node

sielcoanalog_fm_transmitter_exc2000gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc2000gxMatch2.10

Node

sielcoanalog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielcoanalog_fm_transmitter_exc1600gxMatch2.08

Node

sielcoanalog_fm_transmitter_exc1000gxMatch2.08

AND

sielcoanalog_fm_transmitter_exc1000gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc3000gxMatch2.07

AND

sielcoanalog_fm_transmitter_exc3000gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc5000gxMatch2.06

AND

sielcoanalog_fm_transmitter_exc5000gx_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc30gtMatch1.7.7

AND

sielcoanalog_fm_transmitter_exc30gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc300gtMatch1.7.4

AND

sielcoanalog_fm_transmitter_exc300gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc100gtMatch1.7.4

AND

sielcoanalog_fm_transmitter_exc100gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc5000gtMatch1.7.4

AND

sielcoanalog_fm_transmitter_exc5000gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc1000gtMatch1.6.3

AND

sielcoanalog_fm_transmitter_exc1000gt_firmwareMatch-

Node

sielcoanalog_fm_transmitter_exc120gtMatch1.5.4

AND

sielcoanalog_fm_transmitter_exc120gt_firmwareMatch-

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match2.06

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match2.05

Node

sielcoradio_link_exc19_firmwareMatch-

AND

sielcoradio_link_exc19Match2.00

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match1.60

Node

sielcoradio_link_rtx19_firmwareMatch-

AND

sielcoradio_link_rtx19Match1.59

Node

sielcoradio_link_exc19_firmwareMatch-

AND

sielcoradio_link_exc19Match1.55

References

www.cisa.gov/news-events/ics-advisories/icsa-23-299-08

www.sielco.org/en/contacts

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

Related for NVD:CVE-2023-41966

cve1 zeroscience2 prion1 cvelist1 ics1