ID

VAR-202306-0380


CVE

CVE-2023-30575


TITLE

Apache Guacamole Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202306-532

DESCRIPTION

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

Trust: 0.99

sources: NVD: CVE-2023-30575 // VULMON: CVE-2023-30575

AFFECTED PRODUCTS

vendor: apache, model: guacamole, scope: lt, version: 1.5.2

Trust: 1.0

sources: NVD: CVE-2023-30575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-30575
value: HIGH

Trust: 1.0

security@apache.org: CVE-2023-30575
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202306-532
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-30575
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security@apache.org: CVE-2023-30575
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202306-532 // NVD: CVE-2023-30575 // NVD: CVE-2023-30575

PROBLEMTYPE DATA

problemtype: CWE-131

Trust: 1.0

sources: NVD: CVE-2023-30575

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-532

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202306-532

PATCH

title: Apache Guacamole Repair measures for injecting vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=241778

Trust: 0.6

sources: CNNVD: CNNVD-202306-532

EXTERNAL IDS

db: NVD, id: CVE-2023-30575

Trust: 1.7

db: CNNVD, id: CNNVD-202306-532

Trust: 0.6

db: VULMON, id: CVE-2023-30575

Trust: 0.1

sources: VULMON: CVE-2023-30575 // CNNVD: CNNVD-202306-532 // NVD: CVE-2023-30575

REFERENCES

url: https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv

Trust: 1.7

url: https://cxsecurity.com/cveshow/cve-2023-30575/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-30575 // CNNVD: CNNVD-202306-532 // NVD: CVE-2023-30575

SOURCES

db: VULMON, id: CVE-2023-30575
db: CNNVD, id: CNNVD-202306-532
db: NVD, id: CVE-2023-30575

LAST UPDATE DATE

2024-08-14T15:36:56.481000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-30575, date: 2023-06-07T00:00:00
db: CNNVD, id: CNNVD-202306-532, date: 2023-06-15T00:00:00
db: NVD, id: CVE-2023-30575, date: 2023-06-15T08:15:09.223

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-30575, date: 2023-06-07T00:00:00
db: CNNVD, id: CNNVD-202306-532, date: 2023-06-07T00:00:00
db: NVD, id: CVE-2023-30575, date: 2023-06-07T09:15:09.993