CVE-2023-2379

Опубликовано: 28 апр. 2023

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.

Ссылки

https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.227655
Third Party Advisory
https://vuldb.com/?id.227655
Third Party Advisory
https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.227655
Third Party Advisory
https://vuldb.com/?id.227655
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.9 (исключая)

cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*

cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*

cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*

cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*

cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*

cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*

cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.9 (исключая)

cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*

cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*

cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*

cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*

cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*

cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*

cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00094

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-404

Связанные уязвимости

GHSA-mcpg-92rm-rc27