mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-31 10:41:19 +00:00
36 lines
1.0 KiB
JSON
36 lines
1.0 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2023-45239",
|
||
|
|
"sourceIdentifier": "cve-assign@fb.com",
|
||
|
|
"published": "2023-10-06T18:15:12.337",
|
||
|
|
"lastModified": "2023-10-06T19:41:01.643",
|
||
|
|
"vulnStatus": "Awaiting Analysis",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"weaknesses": [
|
||
|
|
{
|
||
|
|
"source": "cve-assign@fb.com",
|
||
|
|
"type": "Secondary",
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "CWE-790"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://github.com/facebook/tac_plus/pull/41",
|
||
|
|
"source": "cve-assign@fb.com"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://github.com/facebook/tac_plus/security/advisories/GHSA-p334-5r3g-4vx3",
|
||
|
|
"source": "cve-assign@fb.com"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|