Sign-up

ID

VAR-202309-1961


CVE

CVE-2023-41349


DESCRIPTION

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

Trust: 1.0

sources: NVD: CVE-2023-41349

AFFECTED PRODUCTS

vendor:asusmodel:rt-ax88uscope:ltversion:3.0.0.4.388.23748

Trust: 1.0

sources: NVD: CVE-2023-41349

CVSS

SEVERITY

CVSSV2

CVSSV3

twcert@cert.org.tw: CVE-2023-41349
value: HIGH

Trust: 1.0

twcert@cert.org.tw: CVE-2023-41349
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-41349

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.0

sources: NVD: CVE-2023-41349

EXTERNAL IDS

db:NVDid:CVE-2023-41349

Trust: 1.0

sources: NVD: CVE-2023-41349

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html

Trust: 1.0

sources: NVD: CVE-2023-41349

SOURCES

db:NVDid:CVE-2023-41349

LAST UPDATE DATE

2024-08-14T15:26:24.695000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-41349date:2023-09-19T21:23:04.903

SOURCES RELEASE DATE

db:NVDid:CVE-2023-41349date:2023-09-18T03:15:08.113