Details of VAR-202307-1969

ID

VAR-202307-1969

CVE

CVE-2023-35087

TITLE

ASUS RT-AX56U Format string error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202307-1794

DESCRIPTION

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529

Trust: 0.99

sources: NVD: CVE-2023-35087 // VULMON: CVE-2023-35087

AFFECTED PRODUCTS

vendor:	asus	model:	rt-ax56u v2	scope:	eq	version:	3.0.0.4.386_50460	Trust: 1.0
vendor:	asus	model:	rt-ac86u	scope:	eq	version:	3.0.0.4_386_51529	Trust: 1.0

sources: NVD: CVE-2023-35087

CVSS

SEVERITY

CVSSV2

CVSSV3

twcert@cert.org.tw:	CVE-2023-35087
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202307-1794
value:	CRITICAL
Trust: 0.6

twcert@cert.org.tw:	CVE-2023-35087
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202307-1794 // NVD: CVE-2023-35087

PROBLEMTYPE DATA

problemtype:

CWE-134

Trust: 1.0

sources: NVD: CVE-2023-35087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-1794

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-202307-1794

PATCH

title:

ASUS RT-AX56U Fixes for formatting string error vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=247066

Trust: 0.6

sources: CNNVD: CNNVD-202307-1794

EXTERNAL IDS

db:	NVD	id:	CVE-2023-35087	Trust: 1.7
db:	CNNVD	id:	CNNVD-202307-1794	Trust: 0.6
db:	VULMON	id:	CVE-2023-35087	Trust: 0.1

sources: VULMON: CVE-2023-35087 // CNNVD: CNNVD-202307-1794 // NVD: CVE-2023-35087

REFERENCES

url:	https://www.twcert.org.tw/tw/cp-132-7249-ab2d1-1.html	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-35087/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/134.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-35087 // CNNVD: CNNVD-202307-1794 // NVD: CVE-2023-35087

SOURCES

db:	VULMON	id:	CVE-2023-35087
db:	CNNVD	id:	CNNVD-202307-1794
db:	NVD	id:	CVE-2023-35087

LAST UPDATE DATE

2024-08-14T14:30:20.510000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-35087	date:	2023-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202307-1794	date:	2023-07-24T00:00:00
db:	NVD	id:	CVE-2023-35087	date:	2023-08-03T18:43:53.560

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-35087	date:	2023-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202307-1794	date:	2023-07-21T00:00:00
db:	NVD	id:	CVE-2023-35087	date:	2023-07-21T08:15:09.900