Lucene search

VulDBVULNRICHMENT:CVE-2023-5327

HistoryOct 01, 2023 - 11:00 p.m.

CVE-2023-5327 SATO CL4NX-J Plus path traversal

2023-10-0123:00:06

CWE-22

VulDB

github.com

sato cl4nx-j plus

path traversal

security vulnerability

local network

public disclosure

vdb-241028

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

3.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028.

References

github.com/CV3TR4CK/CV3Cyb3R/blob/main/2023/SATO%20CL4NX-J%20Plus%20dir/README.md

vuldb.com/?ctiid.241028

vuldb.com/?id.241028

CVSS2

2.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:S/C:P/I:N/A:N

CVSS3

3.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-5327