CVE-2023-41779

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*

History

09 Jan 2024, 20:01

Type	Values Removed	Values Added
References	~~() https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 -~~	() https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404 - Vendor Advisory
First Time		Zte zxcloud Irai Firmware Zte Zte zxcloud Irai
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-863
CPE		cpe:2.3:o:zte:zxcloud_irai_firmware:::::::: cpe:2.3:h:zte:zxcloud_irai:-:::::::*

03 Jan 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-03 02:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-41779

Mitre link : CVE-2023-41779

CVE.ORG link : CVE-2023-41779

JSON object : View

Products Affected

zte

zxcloud_irai_firmware
zxcloud_irai

CWE

CWE-863

Incorrect Authorization

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2023-41779", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@zte.com.cn", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-01-03T02:15:43.217", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "psirt@zte.com.cn", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.\n\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de acceso ilegal a la memoria del producto ZXCLOUD iRAI de ZTE. Cuando la vulnerabilidad es explotada por un atacante con permiso de usuario com\u00fan, la m\u00e1quina f\u00edsica fallar\u00e1."}], "lastModified": "2024-01-09T20:01:09.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC0DCC6B-32B8-4C28-BDAF-37604BA1ABFC", "versionEndExcluding": "7.23.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}