Details of VAR-202306-1991

ID

VAR-202306-1991

CVE

CVE-2023-3332

TITLE

NEC Aterm Multiple vulnerabilities in series

Trust: 0.8

sources: JVNDB: JVNDB-2023-000066

DESCRIPTION

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. None

Trust: 1.71

sources: NVD: CVE-2023-3332 // JVNDB: JVNDB-2023-000066 // VULMON: CVE-2023-3332

AFFECTED PRODUCTS

vendor:	nec	model:	aterm wg1800hp2	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8170n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8750n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr9500n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8175n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8600n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg300hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8700n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg2200hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr9300n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg2600hp2	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg1400hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg600hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg1800hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wf300hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8370n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg2600hp	scope:	eq	version:	-	Trust: 1.0
vendor:	日本電気	model:	aterm wg2200hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wf300hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr9500n	scope:	eq	version:	all s	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hp2	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8170n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8750n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1400hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg300hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8700n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr9300n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8175n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1800hp2	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8370n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8600n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1800hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg600hp	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-000066 // NVD: CVE-2023-3332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-3332
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202306-1971
value:	MEDIUM
Trust: 0.6

IPA:	JVNDB-2023-000066
severity:	LOW
baseScore:	2.3
vectorString:	AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2023-3332
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
IPA:	JVNDB-2023-000066
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1971 // NVD: CVE-2023-3332

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Path traversal (CWE-22) [IPA evaluation ]	Trust: 0.8
problemtype:	Cross-site scripting (CWE-79) [IPA evaluation ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-000066 // NVD: CVE-2023-3332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-1971

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202306-1971

PATCH

title:	Information from NEC Corporation	url:	https://jvn.jp/jp/JVN38343415/6443/index.html	Trust: 0.8
title:	NEC Aterm WG2200HP Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=244512	Trust: 0.6

sources: JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1971

EXTERNAL IDS

db:	NVD	id:	CVE-2023-3332	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-000066	Trust: 1.4
db:	JVN	id:	JVN38343415	Trust: 0.8
db:	CNNVD	id:	CNNVD-202306-1971	Trust: 0.6
db:	VULMON	id:	CVE-2023-3332	Trust: 0.1

sources: VULMON: CVE-2023-3332 // JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1971 // NVD: CVE-2023-3332

REFERENCES

url:	https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html	Trust: 1.1
url:	https://jvn.jp/jp/jvn38343415/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3330	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3331	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3332	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3333	Trust: 0.8
url:	https://jpn.nec.com/security-info/secinfo/nv23-007_en.html	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-3332/	Trust: 0.6
url:	https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000066.html	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-3332 // JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1971 // NVD: CVE-2023-3332

SOURCES

db:	VULMON	id:	CVE-2023-3332
db:	JVNDB	id:	JVNDB-2023-000066
db:	CNNVD	id:	CNNVD-202306-1971
db:	NVD	id:	CVE-2023-3332

LAST UPDATE DATE

2024-08-14T14:17:08.611000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-3332	date:	2023-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-000066	date:	2024-05-22T09:08:00
db:	CNNVD	id:	CNNVD-202306-1971	date:	2023-07-06T00:00:00
db:	NVD	id:	CVE-2023-3332	date:	2023-07-05T19:19:49.067

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-3332	date:	2023-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-000066	date:	2023-06-27T00:00:00
db:	CNNVD	id:	CNNVD-202306-1971	date:	2023-06-27T00:00:00
db:	NVD	id:	CVE-2023-3332	date:	2023-06-28T02:15:49.650