CVE-2023-31241

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01	Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*

OR	cpe:2.3:h:control4:ca-1:-:::::::*
	cpe:2.3:h:control4:ca-10:-:::::::*
	cpe:2.3:h:control4:ea-1:-:::::::*
	cpe:2.3:h:control4:ea-3:-:::::::*
	cpe:2.3:h:control4:ea-5:-:::::::*
	cpe:2.3:h:snapone:an-110-rt-2l1w:-:::::::*
	cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:::::::*
	cpe:2.3:h:snapone:an-310-rt-4l2w:-:::::::*
	cpe:2.3:h:snapone:ovrc-300-pro:-:::::::*
	cpe:2.3:h:snapone:pakedge_rk-1:-:::::::*
	cpe:2.3:h:snapone:pakedge_rt-3100:-:::::::*
	cpe:2.3:h:snapone:pakedge_wr-1:-:::::::*

History

21 Nov 2024, 08:01

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~10.0~~	v2 : unknown v3 : 8.6

31 May 2023, 14:59

Type	Values Removed	Values Added
CWE	~~CWE-284~~	NVD-CWE-noinfo
First Time		Control4 ca-1 Snapone pakedge Rk-1 Control4 ea-1 Snapone ovrc-300-pro Snapone pakedge Wr-1 Control4 ea-5 Snapone Control4 ca-10 Snapone orvc Snapone an-110-rt-2l1w-wifi Control4 Control4 ea-3 Snapone pakedge Rt-3100 Snapone an-110-rt-2l1w Snapone an-310-rt-4l2w
References	~~(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 -~~	(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01 - Third Party Advisory, US Government Resource
CPE		cpe:2.3:h:snapone:ovrc-300-pro:-:::::::* cpe:2.3:a:snapone:orvc::::::pro::* cpe:2.3:h:snapone:an-110-rt-2l1w:-:::::::* cpe:2.3:h:snapone:an-310-rt-4l2w:-:::::::* cpe:2.3:h:snapone:pakedge_rk-1:-:::::::* cpe:2.3:h:snapone:pakedge_rt-3100:-:::::::* cpe:2.3:h:snapone:pakedge_wr-1:-:::::::* cpe:2.3:h:control4:ea-5:-:::::::* cpe:2.3:h:control4:ea-1:-:::::::* cpe:2.3:h:control4:ca-1:-:::::::* cpe:2.3:h:control4:ea-3:-:::::::* cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:::::::* cpe:2.3:h:control4:ca-10:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 10.0

Information

Published : 2023-05-22 20:15

Updated : 2024-11-21 08:01

NVD link : CVE-2023-31241

Mitre link : CVE-2023-31241

CVE.ORG link : CVE-2023-31241

JSON object : View

Products Affected

snapone

pakedge_rt-3100
pakedge_wr-1
pakedge_rk-1
an-110-rt-2l1w-wifi
orvc
an-110-rt-2l1w
an-310-rt-4l2w
ovrc-300-pro

control4

ca-10
ea-5
ea-3
ea-1
ca-1

CWE

CWE-284

Improper Access Control

NVD-CWE-noinfo

8.6 /10