CVE-2023-38027

{"id": "CVE-2023-38027", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-28T04:15:17.160", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "\nSpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.\n\n"}, {"lang": "es", "value": "La funci\u00f3n oculta Telnet de SpotCam Sense de SpotCam Co. Ltd. tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para ejecutar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios del sistema o interrumpir el servicio. "}], "lastModified": "2023-08-29T16:24:23.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:myspotcam:sense_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D84520FA-1323-47CE-BFA2-AA0C593A8C42", "versionEndExcluding": "2.2046"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:myspotcam:sense:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC68B2F8-BEBD-4E0A-8565-715481FB854A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "twcert@cert.org.tw"}