exploitDog

CVE-2023-32752

Опубликовано: 16 июн. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

Ссылки

https://www.twcert.org.tw/en/cp-139-7189-5995e-2.html
Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7189-5995e-2.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:l7-networks:instantqos:iq-8000:*:*:*:*:*:*:*

cpe:2.3:a:l7-networks:instantscan:is-8000:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00786

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-m3qv-h8r8-8436

CVSS3: 9.8

github

больше 2 лет назад

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.

EPSS

Процентиль: 73%

0.00786

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434