CVE-2023-5142

H3C ER6300G2 Config File userLogin.asp path traversal

CVSS 3.7 LOWEPSS 2.3%CWE-22

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.7EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 sep 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

H3C · ER2100n H3C · ER2200G2 H3C · ER3200G2 H3C · ER3260G2 H3C · ER5100G2 H3C · ER5200G2 H3C · ER6300G2 H3C · GR-1100-P H3C · GR-1108-P H3C · GR-1200W H3C · GR-1800AX H3C · GR-2200 H3C · GR-3200 H3C · GR-5200 H3C · GR-8300

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/CJCniubi666/H3C-ER/blob/main/README.md https://github.com/yinsel/CVE-H3C-Report https://vuldb.com/?ctiid.240238 https://vuldb.com/?id.240238