Lucene search

[email protected]NVD:CVE-2023-43849

HistoryMay 28, 2024 - 7:15 p.m.

CVE-2023-43849

2024-05-2819:15:09

CWE-284

[email protected]

web.nvd.nist.gov

nvd

cve-2023-43849

access control

firmware upgrade

web interface

aten pe6208

remote authenticated users

http post requests

dos

remote code execution

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

JSON

Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution.

References

github.com/setersora/pe6208

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

JSON

Related for NVD:CVE-2023-43849

cvelist1 cve1 vulnrichment1