From e13574f67718bf8eb15d562d762595656cb207aa Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 29 Aug 2023 10:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-08-29T10:00:25.142317+00:00 --- CVE-2023/CVE-2023-237xx/CVE-2023-23770.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-237xx/CVE-2023-23771.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-237xx/CVE-2023-23772.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-237xx/CVE-2023-23773.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-237xx/CVE-2023-23774.json | 43 ++++++++++++++++ CVE-2023/CVE-2023-324xx/CVE-2023-32457.json | 55 +++++++++++++++++++++ README.md | 46 +++++------------ 7 files changed, 281 insertions(+), 35 deletions(-) create mode 100644 CVE-2023/CVE-2023-237xx/CVE-2023-23770.json create mode 100644 CVE-2023/CVE-2023-237xx/CVE-2023-23771.json create mode 100644 CVE-2023/CVE-2023-237xx/CVE-2023-23772.json create mode 100644 CVE-2023/CVE-2023-237xx/CVE-2023-23773.json create mode 100644 CVE-2023/CVE-2023-237xx/CVE-2023-23774.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32457.json diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json new file mode 100644 index 00000000000..df770fe32ea --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23770", + "sourceIdentifier": "cert@ncsc.nl", + "published": "2023-08-29T09:15:07.993", + "lastModified": "2023-08-29T09:15:07.993", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cert@ncsc.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://tetraburst.com/", + "source": "cert@ncsc.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json new file mode 100644 index 00000000000..af0496e652c --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23771", + "sourceIdentifier": "cert@ncsc.nl", + "published": "2023-08-29T09:15:08.910", + "lastModified": "2023-08-29T09:15:08.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cert@ncsc.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://tetraburst.com/", + "source": "cert@ncsc.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json new file mode 100644 index 00000000000..c225cc62683 --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23772", + "sourceIdentifier": "cert@ncsc.nl", + "published": "2023-08-29T09:15:09.193", + "lastModified": "2023-08-29T09:15:09.193", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cert@ncsc.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://tetraburst.com/", + "source": "cert@ncsc.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json new file mode 100644 index 00000000000..ac4945cde1f --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23773", + "sourceIdentifier": "cert@ncsc.nl", + "published": "2023-08-29T09:15:09.330", + "lastModified": "2023-08-29T09:15:09.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cert@ncsc.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://tetraburst.com/", + "source": "cert@ncsc.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json new file mode 100644 index 00000000000..3cccf05e285 --- /dev/null +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23774", + "sourceIdentifier": "cert@ncsc.nl", + "published": "2023-08-29T09:15:09.403", + "lastModified": "2023-08-29T09:15:09.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cert@ncsc.nl", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://tetraburst.com/", + "source": "cert@ncsc.nl" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32457.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32457.json new file mode 100644 index 00000000000..d076e1d1ff7 --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32457.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32457", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-08-29T08:15:34.120", + "lastModified": "2023-08-29T08:15:34.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-267" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000216916/dsa-2023-277-security-update-for-dell-powerscale-onefs-for-improper-privilege-management-vulnerability", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c9cbf562c76..6bbaeed2acf 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-29T06:00:25.300848+00:00 +2023-08-29T10:00:25.142317+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-29T05:18:54.617000+00:00 +2023-08-29T09:15:09.403000+00:00 ``` ### Last Data Feed Release @@ -29,49 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223596 +223602 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `6` -* [CVE-2023-41358](CVE-2023/CVE-2023-413xx/CVE-2023-41358.json) (`2023-08-29T04:15:16.180`) -* [CVE-2023-41359](CVE-2023/CVE-2023-413xx/CVE-2023-41359.json) (`2023-08-29T04:15:16.877`) -* [CVE-2023-41360](CVE-2023/CVE-2023-413xx/CVE-2023-41360.json) (`2023-08-29T04:15:16.957`) -* [CVE-2023-41361](CVE-2023/CVE-2023-413xx/CVE-2023-41361.json) (`2023-08-29T04:15:17.027`) -* [CVE-2023-41363](CVE-2023/CVE-2023-413xx/CVE-2023-41363.json) (`2023-08-29T05:15:43.723`) +* [CVE-2023-32457](CVE-2023/CVE-2023-324xx/CVE-2023-32457.json) (`2023-08-29T08:15:34.120`) +* [CVE-2023-23770](CVE-2023/CVE-2023-237xx/CVE-2023-23770.json) (`2023-08-29T09:15:07.993`) +* [CVE-2023-23771](CVE-2023/CVE-2023-237xx/CVE-2023-23771.json) (`2023-08-29T09:15:08.910`) +* [CVE-2023-23772](CVE-2023/CVE-2023-237xx/CVE-2023-23772.json) (`2023-08-29T09:15:09.193`) +* [CVE-2023-23773](CVE-2023/CVE-2023-237xx/CVE-2023-23773.json) (`2023-08-29T09:15:09.330`) +* [CVE-2023-23774](CVE-2023/CVE-2023-237xx/CVE-2023-23774.json) (`2023-08-29T09:15:09.403`) ### CVEs modified in the last Commit -Recently modified CVEs: `42` +Recently modified CVEs: `0` -* [CVE-2023-26272](CVE-2023/CVE-2023-262xx/CVE-2023-26272.json) (`2023-08-29T05:04:00.920`) -* [CVE-2023-26271](CVE-2023/CVE-2023-262xx/CVE-2023-26271.json) (`2023-08-29T05:04:27.877`) -* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-39578](CVE-2023/CVE-2023-395xx/CVE-2023-39578.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-38969](CVE-2023/CVE-2023-389xx/CVE-2023-38969.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-39652](CVE-2023/CVE-2023-396xx/CVE-2023-39652.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-39968](CVE-2023/CVE-2023-399xx/CVE-2023-39968.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-34724](CVE-2023/CVE-2023-347xx/CVE-2023-34724.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-34725](CVE-2023/CVE-2023-347xx/CVE-2023-34725.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-39059](CVE-2023/CVE-2023-390xx/CVE-2023-39059.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40781](CVE-2023/CVE-2023-407xx/CVE-2023-40781.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40825](CVE-2023/CVE-2023-408xx/CVE-2023-40825.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40826](CVE-2023/CVE-2023-408xx/CVE-2023-40826.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40827](CVE-2023/CVE-2023-408xx/CVE-2023-40827.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40828](CVE-2023/CVE-2023-408xx/CVE-2023-40828.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40857](CVE-2023/CVE-2023-408xx/CVE-2023-40857.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40997](CVE-2023/CVE-2023-409xx/CVE-2023-40997.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-40998](CVE-2023/CVE-2023-409xx/CVE-2023-40998.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-41005](CVE-2023/CVE-2023-410xx/CVE-2023-41005.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-4569](CVE-2023/CVE-2023-45xx/CVE-2023-4569.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-39650](CVE-2023/CVE-2023-396xx/CVE-2023-39650.json) (`2023-08-29T05:18:54.617`) -* [CVE-2023-1995](CVE-2023/CVE-2023-19xx/CVE-2023-1995.json) (`2023-08-29T05:18:54.617`) ## Download and Usage