exploitDog

CVE-2023-25914

Опубликовано: 21 авг. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. The information that can be read can lead to a full system compromise.

Ссылки

https://csirt.divd.nl/CVE-2023-25914
Third Party Advisory
https://csirt.divd.nl/DIVD-2023-00025
Third Party Advisory
https://csirt.divd.nl/CVE-2023-25914
Third Party Advisory
https://csirt.divd.nl/DIVD-2023-00025
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:danfoss:ak-sm_800a_firmware:*:*:*:*:*:*:*:*

Версия до 3.3 (включая)

cpe:2.3:h:danfoss:ak-sm_800a:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

8.8 High

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-cmrr-63r4-j6f9

CVSS3: 9.9

github

больше 2 лет назад

Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.

EPSS

Процентиль: 39%

0.00176

Низкий

8.8 High

CVSS3

Дефекты

CWE-22

CWE-22