CVE-2023-33374

{"id": "CVE-2023-33374", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-04T18:15:12.183", "references": [{"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.connectedio.com/products/routers", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.connectedio.com/products/routers", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution."}, {"lang": "es", "value": "Connected IO v2.1.0 y anteriores tiene un comando como parte de su protocolo de comunicaci\u00f3n que permite a la plataforma de gesti\u00f3n especificar comandos de SO arbitrarios para que los dispositivos los ejecuten. Los atacantes que abusen de esta peligrosa funcionalidad pueden enviar a todos los dispositivos comandos del sistema operativo para su ejecuci\u00f3n, lo que resulta en la ejecuci\u00f3n remota de comandos arbitrarios.\n"}], "lastModified": "2024-11-21T08:05:30.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA", "versionEndIncluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}