H3C ER6300G2 up to 20230908 Config File /userLogin.asp directory traversal

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. Affected is an unknown function of the file /userLogin.asp of the component Config File Handler. The manipulation leads to directory traversal. Using CWE to declare the problem leads to CWE-22. The weakness was disclosed on 09/24/2023. The advisory is available for download at github.com. This vulnerability is handled as CVE-2023-5142. The attack can be initiated remotely. Technical details are available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k. It is declared as proof-of-concept. The exploit can be downloaded from github.com. As a 0-day, the estimated underground price was around $0-$5k.

4 Adaptations · 73 Points

| Field | Created 09/24/2023 04:11 PM | Update 1/3 09/24/2023 04:15 PM | Update 2/3 10/14/2023 05:35 PM | Update 3/3 10/14/2023 05:43 PM |
|---|---|---|---|---|
| software_vendor | H3C | H3C | H3C | H3C |
| software_version | <=20230908 | <=20230908 | <=20230908 | <=20230908 |
| software_component | Config File Handler | Config File Handler | Config File Handler | Config File Handler |
| software_file | /userLogin.asp | /userLogin.asp | /userLogin.asp | /userLogin.asp |
| vulnerability_cwe | CWE-22 (directory traversal) | CWE-22 (directory traversal) | CWE-22 (directory traversal) | CWE-22 (directory traversal) |
| vulnerability_risk | 2 | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N | N |
| cvss3_vuldb_ac | H | H | H | H |
| cvss3_vuldb_pr | N | N | N | N |
| cvss3_vuldb_ui | N | N | N | N |
| cvss3_vuldb_s | U | U | U | U |
| cvss3_vuldb_c | L | L | L | L |
| cvss3_vuldb_i | N | N | N | N |
| cvss3_vuldb_a | N | N | N | N |
| cvss3_vuldb_e | P | P | P | P |
| cvss3_vuldb_rc | R | R | R | R |
| advisory_url | https://github.com/yinsel/CVE-H3C-Report | https://github.com/yinsel/CVE-H3C-Report | https://github.com/yinsel/CVE-H3C-Report | https://github.com/yinsel/CVE-H3C-Report |
| exploit_availability | 1 | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 | 1 |
| exploit_url | https://github.com/yinsel/CVE-H3C-Report | https://github.com/yinsel/CVE-H3C-Report | https://github.com/yinsel/CVE-H3C-Report | https://github.com/yinsel/CVE-H3C-Report |
| source_cve | CVE-2023-5142 | CVE-2023-5142 | CVE-2023-5142 | CVE-2023-5142 |
| cna_responsible | VulDB | VulDB | VulDB | VulDB |
| response_summary | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. | The vendor was contacted early about this disclosure but did not respond in any way. |
| advisory_date | 1695506400 (09/24/2023) | 1695506400 (09/24/2023) | 1695506400 (09/24/2023) | 1695506400 (09/24/2023) |
| cvss2_vuldb_av | N | N | N | N |
| cvss2_vuldb_ac | H | H | H | H |
| cvss2_vuldb_au | N | N | N | N |
| cvss2_vuldb_ci | P | P | P | P |
| cvss2_vuldb_ii | N | N | N | N |
| cvss2_vuldb_ai | N | N | N | N |
| cvss2_vuldb_e | POC | POC | POC | POC |
| cvss2_vuldb_rc | UR | UR | UR | UR |
| cvss2_vuldb_rl | ND | ND | ND | ND |
| cvss3_vuldb_rl | X | X | X | X |
| cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.2 | 2.2 | 2.2 | 2.2 |
| cvss3_vuldb_basescore | 3.7 | 3.7 | 3.7 | 3.7 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.7 | 3.7 | 3.7 | 4.2 |
| cvss3_meta_tempscore | 3.4 | 3.4 | 3.4 | 4.1 |
| software_name | | GR-1100-P/GR-1108-P/GR-1200W/GR-1800AX/GR-2200/GR-3200/GR-5200/GR-8300/ER2100n/ER2200G2/ER3200G2/ER3260G2/ER5100G2/ER5200G2/ER6300G2 | GR-1100-P/GR-1108-P/GR-1200W/GR-1800AX/GR-2200/GR-3200/GR-5200/GR-8300/ER2100n/ER2200G2/ER3200G2/ER3260G2/ER5100G2/ER5200G2/ER6300G2 | GR-1100-P/GR-1108-P/GR-1200W/GR-1800AX/GR-2200/GR-3200/GR-5200/GR-8300/ER2100n/ER2200G2/ER3200G2/ER3260G2/ER5100G2/ER5200G2/ER6300G2 |
| advisory_confirm_url | | https://github.com/CJCniubi666/H3C-ER/blob/main/README.md | https://github.com/CJCniubi666/H3C-ER/blob/main/README.md | https://github.com/CJCniubi666/H3C-ER/blob/main/README.md |
| price_0day | | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | | 1695506400 (09/24/2023) | 1695506400 (09/24/2023) |
| cve_nvd_summary | | | A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| cvss3_nvd_a | | | | N |
| cvss2_nvd_av | | | | N |
| cvss2_nvd_ac | | | | H |
| cvss2_nvd_au | | | | N |
| cvss2_nvd_ci | | | | P |
| cvss2_nvd_ii | | | | N |
| cvss2_nvd_ai | | | | N |
| cvss3_cna_av | | | | N |
| cvss3_cna_ac | | | | H |
| cvss3_cna_pr | | | | N |
| cvss3_cna_ui | | | | N |
| cvss3_cna_s | | | | U |
| cvss3_cna_c | | | | L |
| cvss3_cna_i | | | | N |
| cvss3_cna_a | | | | N |
| cve_cna | | | | VulDB |
| cvss2_nvd_basescore | | | | 2.6 |
| cvss3_nvd_basescore | | | | 5.3 |
| cvss3_cna_basescore | | | | 3.7 |
| cvss3_nvd_av | | | | N |
| cvss3_nvd_ac | | | | L |
| cvss3_nvd_pr | | | | N |
| cvss3_nvd_ui | | | | N |
| cvss3_nvd_s | | | | U |
| cvss3_nvd_c | | | | L |
| cvss3_nvd_i | | | | N |
