From fda2ff2e34d6f147ce16b577b63638698dc9990b Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 30 Jan 2023 22:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2022/34xxx/CVE-2022-34884.json | 91 +++++++++++++++++++++++++++++--
2022/34xxx/CVE-2022-34885.json | 97 ++++++++++++++++++++++++++++++++--
2022/34xxx/CVE-2022-34888.json | 91 +++++++++++++++++++++++++++++--
2022/36xxx/CVE-2022-36227.json | 5 ++
2022/40xxx/CVE-2022-40134.json | 91 +++++++++++++++++++++++++++++--
2022/40xxx/CVE-2022-40135.json | 91 +++++++++++++++++++++++++++++--
2022/40xxx/CVE-2022-40136.json | 91 +++++++++++++++++++++++++++++--
2022/40xxx/CVE-2022-40137.json | 91 +++++++++++++++++++++++++++++--
2022/48xxx/CVE-2022-48006.json | 56 +++++++++++++++++---
2023/0xxx/CVE-2023-0587.json | 18 +++++++
2023/22xxx/CVE-2023-22315.json | 97 ++++++++++++++++++++++++++++++++--
2023/24xxx/CVE-2023-24020.json | 97 ++++++++++++++++++++++++++++++++--
2023/24xxx/CVE-2023-24832.json | 18 +++++++
2023/24xxx/CVE-2023-24833.json | 18 +++++++
14 files changed, 910 insertions(+), 42 deletions(-)
create mode 100644 2023/0xxx/CVE-2023-0587.json
create mode 100644 2023/24xxx/CVE-2023-24832.json
create mode 100644 2023/24xxx/CVE-2023-24833.json
diff --git a/2022/34xxx/CVE-2022-34884.json b/2022/34xxx/CVE-2022-34884.json
index 55cd29eb08f..324e8c46cf2 100644
--- a/2022/34xxx/CVE-2022-34884.json
+++ b/2022/34xxx/CVE-2022-34884.json
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-34884", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "Lenovo XClarity Controller", + "version": { + "version_data": [ + { + "version_value": "various", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-87734", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-87734" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section in LEN-87734." + } + ], + "value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section in LEN-87734." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/34xxx/CVE-2022-34885.json b/2022/34xxx/CVE-2022-34885.json index e5ccfd628d7..42f98608ea6 100644 --- a/2022/34xxx/CVE-2022-34885.json +++ b/2022/34xxx/CVE-2022-34885.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-34885", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Motorola", + "product": { + "product_data": [ + { + "product_name": "MR2600 Router", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 1.0.18", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://help.motorolanetwork.com/hc/en-us/articles/8161908477595", + "refsource": "MISC", + "name": "https://help.motorolanetwork.com/hc/en-us/articles/8161908477595" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Motorola recommends updating the Motorola MR2600 router to software version 1.0.18." + } + ], + "value": "Motorola recommends updating the Motorola MR2600 router to software version 1.0.18." 
+ } + ], + "credits": [ + { + "lang": "en", + "value": "Motorola thanks Jiaqian Peng from Institute of Information Engineering, Chinese Academy of Science for reporting this vulnerability." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/34xxx/CVE-2022-34888.json b/2022/34xxx/CVE-2022-34888.json index bb27bfb5825..3bf456ce174 100644 --- a/2022/34xxx/CVE-2022-34888.json +++ b/2022/34xxx/CVE-2022-34888.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-34888", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-184: Incomplete List of Disallowed Inputs", + "cweId": "CWE-184" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "Lenovo XClarity Controller", + "version": { + "version_data": [ + { + "version_value": "various", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-87734", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-87734" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section in LEN-87734." 
+ } + ], + "value": "Update to the Lenovo XClarity Controller (XCC) version (or higher) as recommended in the Product Impact section in LEN-87734." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2022/36xxx/CVE-2022-36227.json b/2022/36xxx/CVE-2022-36227.json index 8ca749aff91..318971698b8 100644 --- a/2022/36xxx/CVE-2022-36227.json +++ b/2022/36xxx/CVE-2022-36227.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2022-e15be0091f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update", + "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html" } ] } diff --git a/2022/40xxx/CVE-2022-40134.json b/2022/40xxx/CVE-2022-40134.json index 0e415ca9ba0..76a2dd69ba7 100644 --- a/2022/40xxx/CVE-2022-40134.json +++ b/2022/40xxx/CVE-2022-40134.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40134", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "BIOS", + "version": { + "version_data": [ + { + "version_value": "various", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-94953", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-94953" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." + } + ], + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/40xxx/CVE-2022-40135.json b/2022/40xxx/CVE-2022-40135.json index faa614ce1e5..ceb8dfd587d 100644 --- a/2022/40xxx/CVE-2022-40135.json +++ b/2022/40xxx/CVE-2022-40135.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40135", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "BIOS", + "version": { + "version_data": [ + { + "version_value": "various", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-94953", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-94953" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." + } + ], + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/40xxx/CVE-2022-40136.json b/2022/40xxx/CVE-2022-40136.json index e593b3d6f70..4fb1003b925 100644 --- a/2022/40xxx/CVE-2022-40136.json +++ b/2022/40xxx/CVE-2022-40136.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40136", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "BIOS", + "version": { + "version_data": [ + { + "version_value": "various", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-94953", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-94953" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." + } + ], + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2022/40xxx/CVE-2022-40137.json b/2022/40xxx/CVE-2022-40137.json index e469bc0bde9..29fba889c05 100644 --- a/2022/40xxx/CVE-2022-40137.json +++ b/2022/40xxx/CVE-2022-40137.json 
@@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-40137", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@lenovo.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Lenovo", + "product": { + "product_data": [ + { + "product_name": "BIOS", + "version": { + "version_data": [ + { + "version_value": "various", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.lenovo.com/us/en/product_security/LEN-94953", + "refsource": "MISC", + "name": "https://support.lenovo.com/us/en/product_security/LEN-94953" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." + } + ], + "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-94953." 
+ } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2022/48xxx/CVE-2022-48006.json b/2022/48xxx/CVE-2022-48006.json index 8531bf3c267..31351d690f8 100644 --- a/2022/48xxx/CVE-2022-48006.json +++ b/2022/48xxx/CVE-2022-48006.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2022-48006", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2022-48006", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/taogogo/taocms/issues/35", + "refsource": "MISC", + "name": "https://github.com/taogogo/taocms/issues/35" } ] } diff --git a/2023/0xxx/CVE-2023-0587.json b/2023/0xxx/CVE-2023-0587.json new file mode 100644 index 00000000000..cdb5bfc4f61 --- /dev/null +++ b/2023/0xxx/CVE-2023-0587.json 
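Review bot: The structured fields of CVE-2022-48006 carry no usable data: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`, while the description names taocms v3.0.2 and an arbitrary file upload. Consumers that match on `affects` or on CWE will miss this record entirely. Suggest populating `"product_name": "taocms"` and `"version_value": "3.0.2"`, and a problemtype of CWE-434 (unrestricted upload of file with dangerous type), which is what the description describes. There is no `impact` block either, so severity has to come from downstream enrichment.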
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/22xxx/CVE-2023-22315.json b/2023/22xxx/CVE-2023-22315.json index febf4c6d245..371a83a7dc9 100644 --- a/2023/22xxx/CVE-2023-22315.json +++ b/2023/22xxx/CVE-2023-22315.json 
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-22315", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345 Insufficient Verification of Data Authenticity", + "cweId": "CWE-345" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Snap One", + "product": { + "product_data": [ + { + "product_name": "Wattbox WB-300-IP-3", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

Snap One has released the following updates for the affected products:

\n\n
" + } + ], + "value": "\nSnap One has released the following updates for the affected products: \n\n * Version WB10.B929 https://app.ovrc.com/#/user-settings \u00a0(login required) \n\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Uri Katz of Claroty Research reported these vulnerabilities to CISA. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24020.json b/2023/24xxx/CVE-2023-24020.json index b5a2f1cfa14..8d01176c46d 100644 --- a/2023/24xxx/CVE-2023-24020.json +++ b/2023/24xxx/CVE-2023-24020.json 
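Review bot: In CVE-2023-22315, `"version_value": "0"` with `"version_affected": "="` does not express the "WB10.9a17 and prior" range given in the description, so version matching will silently fail; `"version_value": "WB10.9a17", "version_affected": "<="` would encode it, and CVE-2023-24020 has the same problem. The vector uses `AV:L` although the description places the flaw in a LAN protocol, which would more usually be scored as adjacent (`AV:A`); this should be checked against ICSA-23-026-03. The plain-text `solution.value` also ends in a run of `\n` and contains a `\u00a0`, so consumers that display it should trim and normalise whitespace.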
@@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-24020", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts", + "cweId": "CWE-307" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Snap One", + "product": { + "product_data": [ + { + "product_name": "Wattbox WB-300-IP-3", + "version": { + "version_data": [ + { + "version_value": "0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03", + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\n

Snap One has released the following updates for the affected products:

\n\n
" + } + ], + "value": "\nSnap One has released the following updates for the affected products: \n\n * Version WB10.B929 https://app.ovrc.com/#/user-settings \u00a0(login required) \n\n\n\n\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Uri Katz of Claroty Research reported these vulnerabilities to CISA. " + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/24xxx/CVE-2023-24832.json b/2023/24xxx/CVE-2023-24832.json new file mode 100644 index 00000000000..b4999ea5b15 --- /dev/null +++ b/2023/24xxx/CVE-2023-24832.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24832", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/24xxx/CVE-2023-24833.json b/2023/24xxx/CVE-2023-24833.json new file mode 100644 index 00000000000..310dccfd176 --- /dev/null +++ b/2023/24xxx/CVE-2023-24833.json 
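Review bot: In CVE-2023-24020, `"discovery": "UNKNOWN"` contradicts the `credits` entry, which names an external researcher as the reporter, and the sibling record CVE-2023-22315 from the same advisory uses `"discovery": "EXTERNAL"`; this record should match it. The vector `C:N/I:H/A:N` also looks unusual for a bypass of login brute-force protection, where account access would normally imply some confidentiality impact, so it is worth confirming against the advisory. The description's wording "could bypass the brute force protection" makes the product the actor; "could allow an attacker to bypass the brute force protection" reads as intended.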
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-24833", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file