ID

VAR-202306-0752


CVE

CVE-2023-31195


TITLE

ASUS router RT-AX3000: use of cookies without the 'Secure' attribute

Trust: 0.8

sources: JVNDB: JVNDB-2023-000048

DESCRIPTION

ASUS Router RT-AX3000 firmware versions prior to 3.0.0.4.388.23403 use sensitive cookies without the 'Secure' attribute. When an attacker is in a position to mount a man-in-the-middle attack, and a user is tricked into logging into the affected device through an unencrypted ('http') connection, the user's session may be hijacked. Vendor: ASUSTeK COMPUTER INC. This vulnerability information was reported directly to the product developer by the following person and, after coordination with the product developer, was announced at JVN for the purpose of disseminating it to product users.

Trust: 1.71

sources: NVD: CVE-2023-31195 // JVNDB: JVNDB-2023-000048 // VULMON: CVE-2023-31195

AFFECTED PRODUCTS

vendor: asus, model: rt-ax3000, scope: lt, version: 3.0.0.4.388.23403

Trust: 1.0

vendor: asustek computer, model: asus router rt-ax3000, scope: eq, version: -

Trust: 0.8

vendor: asustek computer, model: asus router rt-ax3000, scope: eq, version: asus router rt-ax3000 firmware prior to 3.0.0.4.388.23403

Trust: 0.8

sources: JVNDB: JVNDB-2023-000048 // NVD: CVE-2023-31195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-31195
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2023-000048
value: LOW

Trust: 0.8

CNNVD: CNNVD-202306-745
value: MEDIUM

Trust: 0.6

IPA: JVNDB-2023-000048
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2023-31195
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

IPA: JVNDB-2023-000048
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-000048 // CNNVD: CNNVD-202306-745 // NVD: CVE-2023-31195

PROBLEMTYPE DATA

problemtype: CWE-319

Trust: 1.0

problemtype: others (CWE-Other) [IPA evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-000048 // NVD: CVE-2023-31195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-745

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202306-745

PATCH

title: RT-AX3000 series (RT-AX3000/RT-AX3000 V2), url: https://www.asus.com/jp/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2Name=RT-AX3000

Trust: 0.8

title: ASUS RT-AX3000 Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=242487

Trust: 0.6

sources: JVNDB: JVNDB-2023-000048 // CNNVD: CNNVD-202306-745

EXTERNAL IDS

db: NVD, id: CVE-2023-31195

Trust: 3.3

db: JVN, id: JVN34232595

Trust: 2.5

db: JVNDB, id: JVNDB-2023-000048

Trust: 1.4

db: CNNVD, id: CNNVD-202306-745

Trust: 0.6

db: VULMON, id: CVE-2023-31195

Trust: 0.1

sources: VULMON: CVE-2023-31195 // JVNDB: JVNDB-2023-000048 // CNNVD: CNNVD-202306-745 // NVD: CVE-2023-31195

REFERENCES

url:https://www.asus.com/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax3000/helpdesk_bios/?model2name=rt-ax3000

Trust: 1.7

url:https://jvn.jp/en/jp/jvn34232595/

Trust: 1.7

url:https://jvn.jp/jp/jvn34232595/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-31195

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-31195/

Trust: 0.6

url:https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000048.html

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-31195 // JVNDB: JVNDB-2023-000048 // CNNVD: CNNVD-202306-745 // NVD: CVE-2023-31195

SOURCES

db: VULMON, id: CVE-2023-31195
db: JVNDB, id: JVNDB-2023-000048
db: CNNVD, id: CNNVD-202306-745
db: NVD, id: CVE-2023-31195

LAST UPDATE DATE

2024-08-14T14:23:59.452000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-31195, date: 2023-06-13T00:00:00
db: JVNDB, id: JVNDB-2023-000048, date: 2024-04-18T08:43:00
db: CNNVD, id: CNNVD-202306-745, date: 2023-06-25T00:00:00
db: NVD, id: CVE-2023-31195, date: 2023-06-21T18:25:17.290

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-31195, date: 2023-06-13T00:00:00
db: JVNDB, id: JVNDB-2023-000048, date: 2023-06-09T00:00:00
db: CNNVD, id: CNNVD-202306-745, date: 2023-06-09T00:00:00
db: NVD, id: CVE-2023-31195, date: 2023-06-13T10:15:10.410