From d8c9864b7c0d25eefb2ff2da0150a23628eb9a99 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 24 Aug 2023 17:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/46xxx/CVE-2022-46884.json | 67 ++++++++++++++++-- 2023/34xxx/CVE-2023-34960.json | 5 ++ 2023/34xxx/CVE-2023-34971.json | 126 +++++++++++++++++++++++++++++++-- 2023/34xxx/CVE-2023-34972.json | 116 ++++++++++++++++++++++++++++-- 2023/34xxx/CVE-2023-34973.json | 116 ++++++++++++++++++++++++++++-- 2023/40xxx/CVE-2023-40706.json | 84 ++++++++++++++++++++-- 2023/40xxx/CVE-2023-40707.json | 84 ++++++++++++++++++++-- 2023/40xxx/CVE-2023-40708.json | 84 ++++++++++++++++++++-- 2023/40xxx/CVE-2023-40709.json | 84 ++++++++++++++++++++-- 2023/40xxx/CVE-2023-40710.json | 84 ++++++++++++++++++++-- 10 files changed, 813 insertions(+), 37 deletions(-) diff --git a/2022/46xxx/CVE-2022-46884.json b/2022/46xxx/CVE-2022-46884.json index 0ba32efdafe..a77ed1347c0 100644 --- a/2022/46xxx/CVE-2022-46884.json +++ b/2022/46xxx/CVE-2022-46884.json @@ -1,18 +1,75 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mozilla.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash.\n*Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Potential use-after-free in SVG Images" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "106" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1786818", + "refsource": "MISC", + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1786818" + }, + { + "url": "https://www.mozilla.org/security/advisories/mfsa2022-44/", + "refsource": "MISC", + "name": "https://www.mozilla.org/security/advisories/mfsa2022-44/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Timothy Nikkel" + } + ] } \ No newline at end of file diff --git a/2023/34xxx/CVE-2023-34960.json b/2023/34xxx/CVE-2023-34960.json index 58a9f198116..b4b26fcbe7a 100644 --- a/2023/34xxx/CVE-2023-34960.json +++ b/2023/34xxx/CVE-2023-34960.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution", "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-112-2023-04-20-Critical-impact-High-risk-Remote-Code-Execution" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/174314/Chamilo-1.11.18-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/174314/Chamilo-1.11.18-Command-Injection.html" } ] } diff --git a/2023/34xxx/CVE-2023-34971.json b/2023/34xxx/CVE-2023-34971.json index 0b59950f0b0..b5fc05ff250 100644 --- a/2023/34xxx/CVE-2023-34971.json +++ b/2023/34xxx/CVE-2023-34971.json @@ -1,17 +1,135 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34971", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326", + "cweId": "CWE-326" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.0.*", + "version_value": "5.0.1.2425 build 20230609" + }, + { + "version_affected": "<", + "version_name": "5.1.*", + "version_value": "5.1.0.2444 build 20230629" + }, + { + "version_affected": "<", + "version_name": "4.5.*", + "version_value": "4.5.4.2467 build 20230718" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.*", + "version_value": "h5.1.0.2424 build 20230609" + }, + { + "version_affected": "<", + "version_name": "h4.5.*", + "version_value": "h4.5.4.2476 build 20230728" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-60", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-23-60" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-23-60", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Domen Puncer Kugler" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34972.json b/2023/34xxx/CVE-2023-34972.json index 7c19a13df09..d5ad4d99056 100644 --- a/2023/34xxx/CVE-2023-34972.json +++ b/2023/34xxx/CVE-2023-34972.json @@ -1,17 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319", + "cweId": "CWE-319" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.0.*", + "version_value": "5.0.1.2425 build 20230609" + }, + { + "version_affected": "<", + "version_name": "5.1.*", + "version_value": "5.1.0.2444 build 20230629" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.*", + "version_value": "h5.1.0.2424 build 20230609" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-58", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-23-58" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-23-58", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Domen Puncer Kugler" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/34xxx/CVE-2023-34973.json b/2023/34xxx/CVE-2023-34973.json index 603eec41910..0a1954365d5 100644 --- a/2023/34xxx/CVE-2023-34973.json +++ b/2023/34xxx/CVE-2023-34973.json @@ -1,17 +1,125 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-34973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@qnap.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-331", + "cweId": "CWE-331" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QNAP Systems Inc.", + "product": { + "product_data": [ + { + "product_name": "QTS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.0.*", + "version_value": "5.0.1.2425 build 20230609" + }, + { + "version_affected": "<", + "version_name": "5.1.*", + "version_value": "5.1.0.2444 build 20230629" + } + ] + } + }, + { + "product_name": "QuTS hero", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "h5.1.*", + "version_value": "h5.1.0.2424 build 20230609" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.qnap.com/en/security-advisory/qsa-23-59", + "refsource": "MISC", + "name": "https://www.qnap.com/en/security-advisory/qsa-23-59" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "advisory": "QSA-23-59", + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
" + } + ], + "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Domen Puncer Kugler" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40706.json b/2023/40xxx/CVE-2023-40706.json index 0e7ba998214..154272c117c 100644 --- a/2023/40xxx/CVE-2023-40706.json +++ b/2023/40xxx/CVE-2023-40706.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ot-cert@dragos.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts", + "cweId": "CWE-307" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OPTO 22", + "product": { + "product_data": [ + { + "product_name": "SNAP PAC S1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R10.3b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Nicolas Cano" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40707.json b/2023/40xxx/CVE-2023-40707.json index 9252a3f7269..cd0b1819976 100644 --- a/2023/40xxx/CVE-2023-40707.json +++ b/2023/40xxx/CVE-2023-40707.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ot-cert@dragos.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-521 Weak Password Requirements", + "cweId": "CWE-521" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OPTO 22", + "product": { + "product_data": [ + { + "product_name": "SNAP PAC S1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R10.3b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Nicolas Cano" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40708.json b/2023/40xxx/CVE-2023-40708.json index bc8656506f0..58cc1facb55 100644 --- a/2023/40xxx/CVE-2023-40708.json +++ b/2023/40xxx/CVE-2023-40708.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ot-cert@dragos.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OPTO 22", + "product": { + "product_data": [ + { + "product_name": "SNAP PAC S1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R10.3b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Nicolas Cano" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40709.json b/2023/40xxx/CVE-2023-40709.json index e5365b9fe13..5ccaddd6054 100644 --- a/2023/40xxx/CVE-2023-40709.json +++ b/2023/40xxx/CVE-2023-40709.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ot-cert@dragos.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u00a0SNAP PAC S1 Firmware version R10.3b" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OPTO 22", + "product": { + "product_data": [ + { + "product_name": "SNAP PAC S1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R10.3b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Nicolas Cano" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2023/40xxx/CVE-2023-40710.json b/2023/40xxx/CVE-2023-40710.json index 8c7fc34a8a9..136f31c8c80 100644 --- a/2023/40xxx/CVE-2023-40710.json +++ b/2023/40xxx/CVE-2023-40710.json @@ -1,17 +1,93 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-40710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ot-cert@dragos.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the\u00a0SNAP PAC S1 Firmware version R10.3b\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OPTO 22", + "product": { + "product_data": [ + { + "product_name": "SNAP PAC S1", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "R10.3b" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-236-02" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Nicolas Cano" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1" } ] }