Lucene search

NCSC-NLVULNRICHMENT:CVE-2023-41921

HistoryJul 02, 2024 - 7:42 a.m.

CVE-2023-41921 Download of Code Without Integrity Check in Kiloview P1/P2 devices

2024-07-0207:42:33

CWE-494

NCSC-NL

github.com

cve-2023-41921

download of code

integrity check

kiloview p1/p2

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

JSON

A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target’s integrity to achieve an insecure state.

CNA Affected

[
  {
    "vendor": "Kiloview",
    "product": "P1/P2",
    "versions": [
      {
        "status": "affected",
        "version": "All",
        "lessThanOrEqual": "4.8.2605",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

advisories.ncsc.nl/advisory?id=NCSC-2024-0273

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

JSON

Related for VULNRICHMENT:CVE-2023-41921