Details of VAR-202306-1993

ID

VAR-202306-1993

CVE

CVE-2023-3333

TITLE

NEC Aterm Multiple vulnerabilities in series

Trust: 0.8

sources: JVNDB: JVNDB-2023-000066

DESCRIPTION

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. None

Trust: 1.71

sources: NVD: CVE-2023-3333 // JVNDB: JVNDB-2023-000066 // VULMON: CVE-2023-3333

AFFECTED PRODUCTS

vendor:	nec	model:	aterm wg1800hp2	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8170n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8750n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr9500n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8175n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8600n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg300hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8700n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg2200hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr9300n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg2600hp2	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg1400hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg600hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg1800hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wf300hp	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wr8370n	scope:	eq	version:	-	Trust: 1.0
vendor:	nec	model:	aterm wg2600hp	scope:	eq	version:	-	Trust: 1.0
vendor:	日本電気	model:	aterm wg2200hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wf300hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr9500n	scope:	eq	version:	all s	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hp2	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8170n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8750n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1400hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg300hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8700n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr9300n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8175n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1800hp2	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg2600hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8370n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wr8600n	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg1800hp	scope:	-	version:	-	Trust: 0.8
vendor:	日本電気	model:	aterm wg600hp	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-000066 // NVD: CVE-2023-3333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-3333
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2023-000066
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202306-1969
value:	HIGH
Trust: 0.6

IPA:	JVNDB-2023-000066
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2023-3333
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA:	JVNDB-2023-000066
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1969 // NVD: CVE-2023-3333

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	Path traversal (CWE-22) [IPA evaluation ]	Trust: 0.8
problemtype:	Cross-site scripting (CWE-79) [IPA evaluation ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-000066 // NVD: CVE-2023-3333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-1969

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202306-1969

PATCH

title:	Information from NEC Corporation	url:	https://jvn.jp/jp/JVN38343415/6443/index.html	Trust: 0.8
title:	NEC Aterm WG2200HP Fixes for operating system command injection vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=244510	Trust: 0.6

sources: JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1969

EXTERNAL IDS

db:	NVD	id:	CVE-2023-3333	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-000066	Trust: 1.4
db:	JVN	id:	JVN38343415	Trust: 0.8
db:	CNNVD	id:	CNNVD-202306-1969	Trust: 0.6
db:	VULMON	id:	CVE-2023-3333	Trust: 0.1

sources: VULMON: CVE-2023-3333 // JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1969 // NVD: CVE-2023-3333

REFERENCES

url:	https://https://jpn.nec.com/security-info/secinfo/nv23-007_en.html	Trust: 1.1
url:	https://jvn.jp/jp/jvn38343415/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3330	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3331	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3332	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-3333	Trust: 0.8
url:	https://jpn.nec.com/security-info/secinfo/nv23-007_en.html	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-3333/	Trust: 0.6
url:	https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000066.html	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-3333 // JVNDB: JVNDB-2023-000066 // CNNVD: CNNVD-202306-1969 // NVD: CVE-2023-3333

SOURCES

db:	VULMON	id:	CVE-2023-3333
db:	JVNDB	id:	JVNDB-2023-000066
db:	CNNVD	id:	CNNVD-202306-1969
db:	NVD	id:	CVE-2023-3333

LAST UPDATE DATE

2024-08-14T14:17:08.637000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-3333	date:	2023-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-000066	date:	2024-05-22T09:08:00
db:	CNNVD	id:	CNNVD-202306-1969	date:	2023-07-06T00:00:00
db:	NVD	id:	CVE-2023-3333	date:	2023-07-05T19:19:52.590

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-3333	date:	2023-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2023-000066	date:	2023-06-27T00:00:00
db:	CNNVD	id:	CNNVD-202306-1969	date:	2023-06-27T00:00:00
db:	NVD	id:	CVE-2023-3333	date:	2023-06-28T02:15:49.713