CVE-2023-4659

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:free5gc:free5gc:1.1.1:*:*:*:*:*:*:*

History

04 Oct 2023, 17:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Free5gc free5gc Free5gc
CWE		CWE-352
CPE		cpe:2.3:a:free5gc:free5gc:1.1.1:::::::*
References	~~(MISC) https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc -~~	(MISC) https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc - Third Party Advisory

02 Oct 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-02 15:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-4659

Mitre link : CVE-2023-4659

CVE.ORG link : CVE-2023-4659

JSON object : View

Products Affected

free5gc

free5gc

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2023-4659", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-02T15:15:15.017", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to \"admin\". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery, cuya explotaci\u00f3n podr\u00eda permitir a un atacante realizar diferentes acciones en la plataforma como administrador, simplemente cambiando el valor del token a \"admin\". Tambi\u00e9n es posible realizar solicitudes POST, GET y DELETE sin ning\u00fan valor de token. Por lo tanto, un usuario remoto sin privilegios puede crear, eliminar y modificar usuarios dentro de la aplicaci\u00f3n."}], "lastModified": "2023-10-04T17:01:28.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:free5gc:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46749F6B-90B4-4865-91E1-48F737CC388F"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}