fkie_cve-2023-31241
Vulnerability from fkie_nvd
Published
2023-05-22 20:15
Modified
2024-12-09 18:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| snapone | orvc | * | |
| control4 | ca-1 | - | |
| control4 | ca-10 | - | |
| control4 | ea-1 | - | |
| control4 | ea-3 | - | |
| control4 | ea-5 | - | |
| snapone | an-110-rt-2l1w | - | |
| snapone | an-110-rt-2l1w-wifi | - | |
| snapone | an-310-rt-4l2w | - | |
| snapone | ovrc-300-pro | - | |
| snapone | pakedge_rk-1 | - | |
| snapone | pakedge_rt-3100 | - | |
| snapone | pakedge_wr-1 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*", matchCriteriaId: "415E3C3D-6B2F-4095-B7F1-E3F777E01172", versionEndExcluding: "7.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:control4:ca-1:-:*:*:*:*:*:*:*", matchCriteriaId: "910274AB-35AF-428C-84D7-36774DEB59D8", vulnerable: false, }, { criteria: "cpe:2.3:h:control4:ca-10:-:*:*:*:*:*:*:*", matchCriteriaId: "852189C9-7720-468D-BCE0-28DFC051AEDC", vulnerable: false, }, { criteria: "cpe:2.3:h:control4:ea-1:-:*:*:*:*:*:*:*", matchCriteriaId: "C61FA2AE-A962-4D60-BBCF-751FDB5215B9", vulnerable: false, }, { criteria: "cpe:2.3:h:control4:ea-3:-:*:*:*:*:*:*:*", matchCriteriaId: "B6310809-0890-4113-837C-0074706B4E6B", vulnerable: false, }, { criteria: "cpe:2.3:h:control4:ea-5:-:*:*:*:*:*:*:*", matchCriteriaId: "F7ADAAF7-9B0B-4002-8158-FC6B0EAB6055", vulnerable: false, }, { criteria: "cpe:2.3:h:snapone:an-110-rt-2l1w:-:*:*:*:*:*:*:*", matchCriteriaId: "B5B50505-B496-4172-813E-CA174EE2D4DF", vulnerable: false, }, { criteria: "cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:*:*:*:*:*:*:*", matchCriteriaId: "04744281-B935-4272-8582-85C6162881F8", vulnerable: false, }, { criteria: "cpe:2.3:h:snapone:an-310-rt-4l2w:-:*:*:*:*:*:*:*", matchCriteriaId: "CCD83E46-F84F-49F8-9601-ABC03292E0F6", vulnerable: false, }, { criteria: "cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*", matchCriteriaId: "F5B44DFB-CC8D-4342-907B-D34F9EAB5CEB", vulnerable: false, }, { criteria: "cpe:2.3:h:snapone:pakedge_rk-1:-:*:*:*:*:*:*:*", matchCriteriaId: "B2982D38-80BF-4041-9F59-D26C152D24D9", vulnerable: false, }, { criteria: "cpe:2.3:h:snapone:pakedge_rt-3100:-:*:*:*:*:*:*:*", matchCriteriaId: "061055F0-D742-4227-ADC2-1793979F9463", vulnerable: false, }, { criteria: "cpe:2.3:h:snapone:pakedge_wr-1:-:*:*:*:*:*:*:*", matchCriteriaId: "CF7BD251-BB2F-4C49-8B1E-8EB26580DFDB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.", }, ], id: "CVE-2023-31241", lastModified: "2024-12-09T18:15:21.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "ics-cert@hq.dhs.gov", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 10, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-22T20:15:10.720", references: [ { source: "ics-cert@hq.dhs.gov", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01", }, ], sourceIdentifier: "ics-cert@hq.dhs.gov", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-420", }, ], source: "ics-cert@hq.dhs.gov", type: "Primary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.