CVE-2023-23582

Опубликовано: 30 янв. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 9.8

EPSS Низкий

Описание

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:snapav:wattbox_wb-300-ip-3_firmware:*:*:*:*:*:*:*:*

Версия до wb10.9a17 (включая)

cpe:2.3:h:snapav:wattbox_wb-300-ip-3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00742

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-122

CWE-787

Связанные уязвимости

GHSA-jj77-6h6h-gh59

CVSS3: 9.8

github

около 3 лет назад

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.

EPSS

Процентиль: 73%

0.00742

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-122

CWE-787