fkie_cve-2023-5142
Vulnerability from fkie_nvd
Published
2023-09-24 22:15
Modified
2024-11-21 08:41
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/CJCniubi666/H3C-ER/blob/main/README.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/yinsel/CVE-H3C-Report | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.240238 | Permissions Required, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?id.240238 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/CJCniubi666/H3C-ER/blob/main/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/yinsel/CVE-H3C-Report | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.240238 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.240238 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| h3c | gr-1100-p_firmware | * | |
| h3c | gr-1100-p | - | |
| h3c | gr-1108-p_firmware | * | |
| h3c | gr-1108-p | - | |
| h3c | gr-1200w_firmware | * | |
| h3c | gr-1200w | - | |
| h3c | gr-1800ax_firmware | * | |
| h3c | gr-1800ax | - | |
| h3c | gr-2200_firmware | * | |
| h3c | gr-2200 | - | |
| h3c | gr-3200_firmware | * | |
| h3c | gr-3200 | - | |
| h3c | gr-5200_firmware | * | |
| h3c | gr-5200 | - | |
| h3c | gr-8300_firmware | * | |
| h3c | gr-8300 | - | |
| h3c | er3260g2_firmware | * | |
| h3c | er3260g2 | - | |
| h3c | er5200g2_firmware | * | |
| h3c | er5200g2 | - | |
| h3c | er3200g2_firmware | * | |
| h3c | er3200g2 | - | |
| h3c | er2100n_firmware | * | |
| h3c | er2100n | - | |
| h3c | er6300g2_firmware | * | |
| h3c | er6300g2 | - | |
| h3c | er5100g2_firmware | * | |
| h3c | er5100g2 | - | |
| h3c | er2200g2_firmware | * | |
| h3c | er2200g2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-1100-p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D840020D-2C49-4208-BA79-9BF9C4EBA4D9",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-1100-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2A23D8-5DF5-4647-AB32-AF86E117789F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-1108-p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A33D38D0-144E-4576-96F5-D184485EF455",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-1108-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E432A5DB-5D0F-464F-8235-EB9543E3F06A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-1200w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94126EC2-0D0B-46F3-8CF6-3E1C42D7D100",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-1200w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4ECDCE3-0655-43A0-A6C5-658E7C4F5470",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-1800ax_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19B18747-B268-45AB-A254-64DCB72C109B",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-1800ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "435BF35B-1867-48E5-BC8C-3F868E9B419B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-2200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75F33539-7670-4732-B470-4AB11816E549",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8543B702-DF8C-435F-A39E-56C8043E4321",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-3200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D94AFA76-7869-4B48-B22B-AAC0AE7D7960",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "945172AA-02BE-4538-952C-3F2EF9749810",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-5200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D61370D-1950-4AA3-A6A2-CFE9A199CAE8",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-5200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55A3F347-7936-4966-9C0B-D61CC92BA85A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:gr-8300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A545124C-076D-46E7-96B2-4B8CFF2BEFB8",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:gr-8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB46F02-E18F-4E67-A941-FE24C06C2CFC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:er3260g2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60B2DE7C-598B-4002-BB42-EC2D7E129FBF",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:er3260g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6504103-D36F-499D-A6CE-1E952477B00F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:er5200g2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39FEFC0A-4816-419E-830C-7D2AE5C95EEF",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:er5200g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC97A451-6C13-4805-BF52-9C424B898636",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:er3200g2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88AC8D91-BA03-49AC-9FC7-2D3DA30E9D4D",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:er3200g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3126DFD1-B3D2-4F01-BDB6-D22E681E3228",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:er2100n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28BE8148-9573-4708-B5DE-6ED69AED6993",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:er2100n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803C9117-16A7-4812-A530-82AE6B331147",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:er6300g2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6F28D8-BA6D-497E-95AA-D35052FFBF6F",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:er6300g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9CE23F-9941-471E-82CE-0EE150608E04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:er5100g2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDDB7BA-795A-4853-B3C6-3894DA11E69E",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:er5100g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11594FE2-E591-4F06-9856-751DCF3F8949",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:h3c:er2200g2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51A4E096-5A31-468B-B84B-9DDA123BEE2F",
"versionEndIncluding": "20230908",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:h3c:er2200g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB4A4EC-8E98-4F3B-B116-925B15A9E5C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2 , ER3260G2, ER5100G2, ER5200G2 y ER6300G2 hasta 20230908. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /userLogin.asp del componente Config File Handler. La manipulaci\u00f3n conduce al recorrido del camino. El ataque se puede iniciar de forma remota. La complejidad de un ataque es bastante alta. La explotaci\u00f3n parece dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-240238 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2023-5142",
"lastModified": "2024-11-21T08:41:08.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-24T22:15:10.087",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CJCniubi666/H3C-ER/blob/main/README.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/yinsel/CVE-H3C-Report"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.240238"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.240238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/CJCniubi666/H3C-ER/blob/main/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/yinsel/CVE-H3C-Report"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://vuldb.com/?ctiid.240238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://vuldb.com/?id.240238"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…