ID

VAR-202308-2817


CVE

CVE-2023-33238


TITLE

Command injection vulnerability in Moxa Inc. TN-5900 firmware and TN-4900 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-022079

DESCRIPTION

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to a command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. The affected Moxa Inc. products may be left in a denial-of-service (DoS) state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company.

Trust: 2.25

sources: NVD: CVE-2023-33238 // JVNDB: JVNDB-2023-022079 // CNVD: CNVD-2023-64096 // VULMON: CVE-2023-33238

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-64096

AFFECTED PRODUCTS

vendor: moxa, model: tn-4900, scope: lte, version: 1.2.4

Trust: 1.0

vendor: moxa, model: tn-5900, scope: lte, version: 3.3

Trust: 1.0

vendor: moxa, model: tn-5900, scope: -, version: -

Trust: 0.8

vendor: moxa, model: tn-4900, scope: -, version: -

Trust: 0.8

vendor: moxa, model: tn-5900, scope: lte, version: <=3.3

Trust: 0.6

vendor: moxa, model: tn-4900, scope: lte, version: <=1.2.4

Trust: 0.6

sources: CNVD: CNVD-2023-64096 // JVNDB: JVNDB-2023-022079 // NVD: CVE-2023-33238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-33238
value: CRITICAL

Trust: 1.0

psirt@moxa.com: CVE-2023-33238
value: HIGH

Trust: 1.0

NVD: CVE-2023-33238
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2023-64096
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-64096
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-33238
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@moxa.com: CVE-2023-33238
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-33238
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-64096 // JVNDB: JVNDB-2023-022079 // NVD: CVE-2023-33238 // NVD: CVE-2023-33238

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: CWE-78

Trust: 1.0

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-022079 // NVD: CVE-2023-33238

PATCH

title: Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability (CNVD-2023-64096)
url: https://www.cnvd.org.cn/patchInfo/show/452551

Trust: 0.6

sources: CNVD: CNVD-2023-64096

EXTERNAL IDS

db: NVD, id: CVE-2023-33238

Trust: 3.3

db: JVNDB, id: JVNDB-2023-022079

Trust: 0.8

db: CNVD, id: CNVD-2023-64096

Trust: 0.6

db: VULMON, id: CVE-2023-33238

Trust: 0.1

sources: CNVD: CNVD-2023-64096 // VULMON: CVE-2023-33238 // JVNDB: JVNDB-2023-022079 // NVD: CVE-2023-33238

REFERENCES

url: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2023-33238

Trust: 0.8

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-64096 // VULMON: CVE-2023-33238 // JVNDB: JVNDB-2023-022079 // NVD: CVE-2023-33238

SOURCES

db: CNVD, id: CNVD-2023-64096
db: VULMON, id: CVE-2023-33238
db: JVNDB, id: JVNDB-2023-022079
db: NVD, id: CVE-2023-33238

LAST UPDATE DATE

2024-10-28T22:54:22.967000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-64096, date: 2023-08-21T00:00:00
db: VULMON, id: CVE-2023-33238, date: 2023-08-17T00:00:00
db: JVNDB, id: JVNDB-2023-022079, date: 2024-01-22T02:56:00
db: NVD, id: CVE-2023-33238, date: 2024-10-28T06:15:03.147

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-64096, date: 2023-08-21T00:00:00
db: VULMON, id: CVE-2023-33238, date: 2023-08-17T00:00:00
db: JVNDB, id: JVNDB-2023-022079, date: 2024-01-22T00:00:00
db: NVD, id: CVE-2023-33238, date: 2023-08-17T03:15:09.377