Lucene search

[email protected]NVD:CVE-2023-45498

HistoryOct 27, 2023 - 4:15 a.m.

CVE-2023-45498

2023-10-2704:15:10

CWE-77

[email protected]

web.nvd.nist.gov

vinchin backup & recovery

command injection

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.6%

JSON

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability.

Affected configurations

NVD

Node

vinchinvinchin_backup_and_recoveryRange5.0–7.0

References

packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html

packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html

seclists.org/fulldisclosure/2023/Oct/31

blog.leakix.net/2023/10/vinchin-backup-rce-chain/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for NVD:CVE-2023-45498

cvelist1 prion1 cve1 packetstorm1 zdt1 rapid7blog1