nvd NVD:CVE-2023-45852
History: Oct 14, 2023 - 2:15 a.m.

CVE-2023-45852

2023-10-14 02:15:09
CWE-77
web.nvd.nist.gov
5
vitogate
authentication bypass
ipaddr params

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10
Confidence: High

EPSS: 0.038
Percentile: 92.1%

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.

Affected configurations

Nvd
Node: viessmann vitogate_300_firmware, Range 2.1.3.0
AND
viessmann vitogate_300, Match -

Vendor      Product                  Version   CPE
viessmann   vitogate_300_firmware    *         cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:*
viessmann   vitogate_300             -         cpe:2.3:h:viessmann:vitogate_300:-:*:*:*:*:*:*:*
