Sign-up

ID

VAR-202401-0687


CVE

CVE-2023-51127


DESCRIPTION

FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file.

Trust: 1.0

sources: NVD: CVE-2023-51127

AFFECTED PRODUCTS

vendor:flirmodel:ax8scope:eqversion:1.46.16

Trust: 1.0

sources: NVD: CVE-2023-51127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-51127
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-51127
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-51127

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

sources: NVD: CVE-2023-51127

PATCH

title:CVE-2023-51127url:https://github.com/risuxx/CVE-2023-51127

Trust: 0.1

sources: VULMON: CVE-2023-51127

EXTERNAL IDS

db:NVDid:CVE-2023-51127

Trust: 1.1

db:VULMONid:CVE-2023-51127

Trust: 0.1

sources: VULMON: CVE-2023-51127 // NVD: CVE-2023-51127

REFERENCES

url:https://github.com/risuxx/cve-2023-51127

Trust: 1.1

sources: VULMON: CVE-2023-51127 // NVD: CVE-2023-51127

SOURCES

db:VULMONid:CVE-2023-51127
db:NVDid:CVE-2023-51127

LAST UPDATE DATE

2024-08-14T13:41:16.072000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-51127date:2024-01-17T22:16:06.427

SOURCES RELEASE DATE

db:NVDid:CVE-2023-51127date:2024-01-10T21:15:09.133