CVE-2023-1731

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:meinbergglobal:lantime_m100:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m200:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m300:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m400:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m600:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m900:-:::::::*

History

No history.

Information

Published : 2023-04-24 14:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-1731

Mitre link : CVE-2023-1731

CVE.ORG link : CVE-2023-1731

JSON object : View

Products Affected

meinbergglobal

lantime_m300
lantime_m100
lantime_m200
lantime_m900
lantime_firmware
lantime_m400
lantime_m600

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2023-1731", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-04-24T14:15:07.640", "references": [{"url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm", "tags": ["Vendor Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n"}], "lastModified": "2023-05-23T06:15:09.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8085F2DD-CD93-4D37-9567-62966EB45A12", "versionEndExcluding": "7.06.013"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:meinbergglobal:lantime_m100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2541CE93-F4C4-453E-83AC-ED39D83571DF"}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A0C58392-64BE-4A64-9B43-F599D03CBD3E"}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5FCA50A-2C6A-41ED-8E9D-38BA52C8428B"}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51E5EFBE-3C3F-4386-A469-E190611A5A34"}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m600:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "46F4C7AA-30BB-402B-A21C-6FEEC919853C"}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m900:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "164CB3CF-F979-4591-8DF8-972123E216B0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}