exploitDog

CVE-2023-33374

Опубликовано: 04 авг. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.

Ссылки

https://claroty.com/team82/disclosure-dashboard/cve-2023-33374
Third Party Advisory
https://www.connectedio.com/products/routers
Product
https://claroty.com/team82/disclosure-dashboard/cve-2023-33374
Third Party Advisory
https://www.connectedio.com/products/routers
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*

Версия до 2.1.0 (включая)

EPSS

Процентиль: 79%

0.01265

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-jm9j-4c6r-hfr6

CVSS3: 9.8

github

больше 2 лет назад

Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.

EPSS

Процентиль: 79%

0.01265

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-78