Lucene search

K
nvd[email protected]NVD:CVE-2023-49897
HistoryDec 06, 2023 - 7:15 a.m.

CVE-2023-49897

2023-12-0607:15:41
CWE-78
web.nvd.nist.gov
2
cve-2023-49897
command injection
ae1021pe
ae1021
firmware
security vulnerability
arbitrary execution
attacker

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

84.2%

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

Affected configurations

Nvd
Node
fxcae1021_firmwareRange<2.0.10
AND
fxcae1021Match-
Node
fxcae1021pe_firmwareRange<2.0.10
AND
fxcae1021peMatch-
VendorProductVersionCPE
fxcae1021_firmware*cpe:2.3:o:fxc:ae1021_firmware:*:*:*:*:*:*:*:*
fxcae1021-cpe:2.3:h:fxc:ae1021:-:*:*:*:*:*:*:*
fxcae1021pe_firmware*cpe:2.3:o:fxc:ae1021pe_firmware:*:*:*:*:*:*:*:*
fxcae1021pe-cpe:2.3:h:fxc:ae1021pe:-:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

84.2%