nvd-json-data-feeds/CVE-2023/CVE-2023-59xx/CVE-2023-5935.json

{
  "id": "CVE-2023-5935",
  "sourceIdentifier": "prodsec@nozominetworks.com",
  "published": "2024-05-15T16:15:09.020",
  "lastModified": "2024-05-28T13:15:10.383",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself.\n\n\n\nA malicious local user or process, during a window of opportunity when the local web interface is active, may be able to extract sensitive information or change Arc's configuration. This could also lead to arbitrary code execution if a malicious update package is installed."
    },
    {
      "lang": "es",
      "value": "Al configurar Arc (por ejemplo, durante la primera configuraci\u00f3n), se proporciona una interfaz web local para facilitar el proceso de configuraci\u00f3n. Dicha interfaz web carece de autenticaci\u00f3n y, por lo tanto, un atacante local o un malware que se ejecuta en la propia m\u00e1quina pueden abusar de ella. Un usuario o proceso local malicioso, durante una ventana de oportunidad cuando la interfaz web local est\u00e1 activa, puede extraer informaci\u00f3n confidencial o cambiar la configuraci\u00f3n de Arc. Esto tambi\u00e9n podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario si se instala un paquete de actualizaci\u00f3n malicioso."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "prodsec@nozominetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "NONE",
          "userInteraction": "PASSIVE",
          "vulnerableSystemConfidentiality": "HIGH",
          "vulnerableSystemIntegrity": "HIGH",
          "vulnerableSystemAvailability": "HIGH",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 7.3,
          "baseSeverity": "HIGH"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "prodsec@nozominetworks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "prodsec@nozominetworks.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://security.nozominetworks.com/NN-2023:13-01",
      "source": "prodsec@nozominetworks.com"
    }
  ]
}