admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-226xx/CVE-2023-22601.json
cad-safe-bot b47d02a333 Auto-Update: 2023-11-07T21:02:52.274489+00:00
2023-11-07 21:03:21 +00:00

137 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-22601",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-01-12T23:15:10.527",
"lastModified": "2023-11-07T04:07:05.840",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nInHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values.\u00a0They\u00a0do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform. \n\n \n\n \n\n \n\n \n\n \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:inhandnetworks:inrouter302_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.56",
"matchCriteriaId": "61C63AA2-2DB5-4E01-9C62-7F78EC298C3F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:inhandnetworks:inrouter302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B361EE15-6BF4-4D50-AD36-5AC31A101F2E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:inhandnetworks:inrouter615-s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.0.r5542",
"matchCriteriaId": "2CC78CBF-AC9D-4581-95DE-CE869505C479"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:inhandnetworks:inrouter615-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88C88156-94C3-4EFE-9AAB-A9E2BA114ABC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03",
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink