Auto-Update: 2023-08-29T10:00:25.142317+00:00

2025-07-09 16:05:11 +00:00 · 2023-08-29 10:00:28 +00:00 · 2023-08-29 10:00:28 +00:00 · e13574f677
commit e13574f677
parent 53cc978e5f
7 changed files with 281 additions and 35 deletions
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23770.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-23770",
+  "sourceIdentifier": "cert@ncsc.nl",
+  "published": "2023-08-29T09:15:07.993",
+  "lastModified": "2023-08-29T09:15:07.993",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cert@ncsc.nl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.4,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://tetraburst.com/",
+      "source": "cert@ncsc.nl"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23771.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-23771",
+  "sourceIdentifier": "cert@ncsc.nl",
+  "published": "2023-08-29T09:15:08.910",
+  "lastModified": "2023-08-29T09:15:08.910",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cert@ncsc.nl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://tetraburst.com/",
+      "source": "cert@ncsc.nl"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23772.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-23772",
+  "sourceIdentifier": "cert@ncsc.nl",
+  "published": "2023-08-29T09:15:09.193",
+  "lastModified": "2023-08-29T09:15:09.193",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cert@ncsc.nl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://tetraburst.com/",
+      "source": "cert@ncsc.nl"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23773.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-23773",
+  "sourceIdentifier": "cert@ncsc.nl",
+  "published": "2023-08-29T09:15:09.330",
+  "lastModified": "2023-08-29T09:15:09.330",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cert@ncsc.nl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://tetraburst.com/",
+      "source": "cert@ncsc.nl"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23774.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-23774",
+  "sourceIdentifier": "cert@ncsc.nl",
+  "published": "2023-08-29T09:15:09.403",
+  "lastModified": "2023-08-29T09:15:09.403",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cert@ncsc.nl",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://tetraburst.com/",
+      "source": "cert@ncsc.nl"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-324xx/CVE-2023-32457.json
+++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32457.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32457",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-08-29T08:15:34.120",
+  "lastModified": "2023-08-29T08:15:34.120",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-267"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000216916/dsa-2023-277-security-update-for-dell-powerscale-onefs-for-improper-privilege-management-vulnerability",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-29T06:00:25.300848+00:00
+2023-08-29T10:00:25.142317+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-29T05:18:54.617000+00:00
+2023-08-29T09:15:09.403000+00:00
 ```

 ### Last Data Feed Release
@ -29,49 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-223596
+223602
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `6`

-* [CVE-2023-41358](CVE-2023/CVE-2023-413xx/CVE-2023-41358.json) (`2023-08-29T04:15:16.180`)
-* [CVE-2023-41359](CVE-2023/CVE-2023-413xx/CVE-2023-41359.json) (`2023-08-29T04:15:16.877`)
-* [CVE-2023-41360](CVE-2023/CVE-2023-413xx/CVE-2023-41360.json) (`2023-08-29T04:15:16.957`)
-* [CVE-2023-41361](CVE-2023/CVE-2023-413xx/CVE-2023-41361.json) (`2023-08-29T04:15:17.027`)
-* [CVE-2023-41363](CVE-2023/CVE-2023-413xx/CVE-2023-41363.json) (`2023-08-29T05:15:43.723`)
+* [CVE-2023-32457](CVE-2023/CVE-2023-324xx/CVE-2023-32457.json) (`2023-08-29T08:15:34.120`)
+* [CVE-2023-23770](CVE-2023/CVE-2023-237xx/CVE-2023-23770.json) (`2023-08-29T09:15:07.993`)
+* [CVE-2023-23771](CVE-2023/CVE-2023-237xx/CVE-2023-23771.json) (`2023-08-29T09:15:08.910`)
+* [CVE-2023-23772](CVE-2023/CVE-2023-237xx/CVE-2023-23772.json) (`2023-08-29T09:15:09.193`)
+* [CVE-2023-23773](CVE-2023/CVE-2023-237xx/CVE-2023-23773.json) (`2023-08-29T09:15:09.330`)
+* [CVE-2023-23774](CVE-2023/CVE-2023-237xx/CVE-2023-23774.json) (`2023-08-29T09:15:09.403`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `42`
+Recently modified CVEs: `0`

-* [CVE-2023-26272](CVE-2023/CVE-2023-262xx/CVE-2023-26272.json) (`2023-08-29T05:04:00.920`)
-* [CVE-2023-26271](CVE-2023/CVE-2023-262xx/CVE-2023-26271.json) (`2023-08-29T05:04:27.877`)
-* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-39578](CVE-2023/CVE-2023-395xx/CVE-2023-39578.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-38969](CVE-2023/CVE-2023-389xx/CVE-2023-38969.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-39652](CVE-2023/CVE-2023-396xx/CVE-2023-39652.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-39968](CVE-2023/CVE-2023-399xx/CVE-2023-39968.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-34724](CVE-2023/CVE-2023-347xx/CVE-2023-34724.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-34725](CVE-2023/CVE-2023-347xx/CVE-2023-34725.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-39059](CVE-2023/CVE-2023-390xx/CVE-2023-39059.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40781](CVE-2023/CVE-2023-407xx/CVE-2023-40781.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40825](CVE-2023/CVE-2023-408xx/CVE-2023-40825.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40826](CVE-2023/CVE-2023-408xx/CVE-2023-40826.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40827](CVE-2023/CVE-2023-408xx/CVE-2023-40827.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40828](CVE-2023/CVE-2023-408xx/CVE-2023-40828.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40857](CVE-2023/CVE-2023-408xx/CVE-2023-40857.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40997](CVE-2023/CVE-2023-409xx/CVE-2023-40997.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-40998](CVE-2023/CVE-2023-409xx/CVE-2023-40998.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-41005](CVE-2023/CVE-2023-410xx/CVE-2023-41005.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-4569](CVE-2023/CVE-2023-45xx/CVE-2023-4569.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-39650](CVE-2023/CVE-2023-396xx/CVE-2023-39650.json) (`2023-08-29T05:18:54.617`)
-* [CVE-2023-1995](CVE-2023/CVE-2023-19xx/CVE-2023-1995.json) (`2023-08-29T05:18:54.617`)


 ## Download and Usage