FKIE_CVE-2023-43744
Vulnerability from fkie_nvd - Published: 2023-12-08 01:15 - Updated: 2024-11-21 08:24
Severity
Summary
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user-supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zultys | mx-se_firmware | * | |
| zultys | mx-se_firmware | * | |
| zultys | mx-se | - | |
| zultys | mx-se_ii_firmware | * | |
| zultys | mx-se_ii_firmware | * | |
| zultys | mx-se_ii | - | |
| zultys | mx-e_firmware | * | |
| zultys | mx-e_firmware | * | |
| zultys | mx-e | - | |
| zultys | mx-virtual_firmware | * | |
| zultys | mx-virtual_firmware | * | |
| zultys | mx-virtual | - | |
| zultys | mx250_firmware | * | |
| zultys | mx250_firmware | * | |
| zultys | mx250 | - | |
| zultys | mx30_firmware | * | |
| zultys | mx30_firmware | * | |
| zultys | mx30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09D39AC9-ACBA-4CF9-B9F0-D04F6B392905",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D290A1E-9CF3-42C3-B099-9A0D5FFE2FDC",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E4DCA4-D3CB-46DC-B20F-205F18FE6FA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE4D4C-0CB5-4AB9-936B-E275E4A6E1A1",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B040E08-BAF8-475B-BF5C-DC3D6D5FBBB1",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-se_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD550DD-C5C0-4ABC-9C29-016FC0587E97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3907F8B7-CB24-4BE4-8B8D-18F3D965EE7C",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2257C4EE-4C6F-4EC2-A88D-6048FFE28EC2",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E12E140-C7D8-4875-9AF7-4EF1A77D9CF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCC65F2-DAC8-4A47-A712-95D7E2579A3B",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7657BBD9-09D8-4EEA-AC0B-5098C4369874",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-virtual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B765CFE-8D05-430C-9725-6FBC8C9D1484",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D49E46A-4BA6-4563-9786-D2BC5E05F1CE",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9572474-24A5-47C5-9A95-E8F4E0AB56C8",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBBEC0-96AF-42D1-B27C-91E6F3E67F7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF02FDBD-C0B9-4E6D-AEDD-3BB28D9EF059",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC94AF4-0D2B-4045-98DF-53E2014C139D",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765B6E-39CE-4CD2-A20C-7DB96FDDEBF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a \"Patch Manager\" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250 y MX30 con versiones de firmware anteriores al parche 17.0.10 17161 y al parche 16.04 16109 permite a un administrador ejecutar comandos arbitrarios del sistema operativo. a trav\u00e9s de un par\u00e1metro de nombre de archivo en una funci\u00f3n de aplicaci\u00f3n de parche. El cliente Zultys MX Administrator tiene una secci\u00f3n \"Administrador de parches\" que permite a los administradores aplicar parches al dispositivo. El nombre de archivo proporcionado por el usuario para el archivo de parche se pasa a un script de shell sin validaci\u00f3n. Incluir caracteres de sustituci\u00f3n de comandos bash en el nombre de un archivo de parche da como resultado la ejecuci\u00f3n del comando proporcionado."
}
],
"id": "CVE-2023-43744",
"lastModified": "2024-11-21T08:24:42.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-08T01:15:07.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mxvirtual.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mxvirtual.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-43743
Vulnerability from fkie_nvd - Published: 2023-12-08 01:15 - Updated: 2025-05-27 16:15
Severity
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zultys | mx-se_firmware | * | |
| zultys | mx-se_firmware | * | |
| zultys | mx-se | - | |
| zultys | mx-se_ii_firmware | * | |
| zultys | mx-se_ii_firmware | * | |
| zultys | mx-se_ii | - | |
| zultys | mx-e_firmware | * | |
| zultys | mx-e_firmware | * | |
| zultys | mx-e | - | |
| zultys | mx-virtual_firmware | * | |
| zultys | mx-virtual_firmware | * | |
| zultys | mx-virtual | - | |
| zultys | mx250_firmware | * | |
| zultys | mx250_firmware | * | |
| zultys | mx250 | - | |
| zultys | mx30_firmware | * | |
| zultys | mx30_firmware | * | |
| zultys | mx30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09D39AC9-ACBA-4CF9-B9F0-D04F6B392905",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D290A1E-9CF3-42C3-B099-9A0D5FFE2FDC",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E4DCA4-D3CB-46DC-B20F-205F18FE6FA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE4D4C-0CB5-4AB9-936B-E275E4A6E1A1",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B040E08-BAF8-475B-BF5C-DC3D6D5FBBB1",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-se_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD550DD-C5C0-4ABC-9C29-016FC0587E97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3907F8B7-CB24-4BE4-8B8D-18F3D965EE7C",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2257C4EE-4C6F-4EC2-A88D-6048FFE28EC2",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E12E140-C7D8-4875-9AF7-4EF1A77D9CF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCC65F2-DAC8-4A47-A712-95D7E2579A3B",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7657BBD9-09D8-4EEA-AC0B-5098C4369874",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-virtual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B765CFE-8D05-430C-9725-6FBC8C9D1484",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D49E46A-4BA6-4563-9786-D2BC5E05F1CE",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9572474-24A5-47C5-9A95-E8F4E0AB56C8",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBBEC0-96AF-42D1-B27C-91E6F3E67F7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF02FDBD-C0B9-4E6D-AEDD-3BB28D9EF059",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC94AF4-0D2B-4045-98DF-53E2014C139D",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765B6E-39CE-4CD2-A20C-7DB96FDDEBF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250 y MX30 con versiones de firmware anteriores a 17.0.10 parche 17161 y 16.04 parche 16109 permite a un atacante autenticado ejecutar consultas SQL arbitrarias en la base de datos backend a trav\u00e9s del par\u00e1metro de filtro en solicitudes al endpoint /newapi/ en la interfaz web de Zultys MX."
}
],
"id": "CVE-2023-43743",
"lastModified": "2025-05-27T16:15:29.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-08T01:15:07.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://mxvirtual.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://mxvirtual.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-43742
Vulnerability from fkie_nvd - Published: 2023-12-08 01:15 - Updated: 2024-11-21 08:24
Severity
Summary
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zultys | mx-se_firmware | * | |
| zultys | mx-se_firmware | * | |
| zultys | mx-se | - | |
| zultys | mx-se_ii_firmware | * | |
| zultys | mx-se_ii_firmware | * | |
| zultys | mx-se_ii | - | |
| zultys | mx-e_firmware | * | |
| zultys | mx-e_firmware | * | |
| zultys | mx-e | - | |
| zultys | mx-virtual_firmware | * | |
| zultys | mx-virtual_firmware | * | |
| zultys | mx-virtual | - | |
| zultys | mx250_firmware | * | |
| zultys | mx250_firmware | * | |
| zultys | mx250 | - | |
| zultys | mx30_firmware | * | |
| zultys | mx30_firmware | * | |
| zultys | mx30 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09D39AC9-ACBA-4CF9-B9F0-D04F6B392905",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-se_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D290A1E-9CF3-42C3-B099-9A0D5FFE2FDC",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E4DCA4-D3CB-46DC-B20F-205F18FE6FA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CE4D4C-0CB5-4AB9-936B-E275E4A6E1A1",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-se_ii_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B040E08-BAF8-475B-BF5C-DC3D6D5FBBB1",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-se_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD550DD-C5C0-4ABC-9C29-016FC0587E97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3907F8B7-CB24-4BE4-8B8D-18F3D965EE7C",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2257C4EE-4C6F-4EC2-A88D-6048FFE28EC2",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E12E140-C7D8-4875-9AF7-4EF1A77D9CF1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCCC65F2-DAC8-4A47-A712-95D7E2579A3B",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx-virtual_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7657BBD9-09D8-4EEA-AC0B-5098C4369874",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx-virtual:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B765CFE-8D05-430C-9725-6FBC8C9D1484",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D49E46A-4BA6-4563-9786-D2BC5E05F1CE",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9572474-24A5-47C5-9A95-E8F4E0AB56C8",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44FBBEC0-96AF-42D1-B27C-91E6F3E67F7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF02FDBD-C0B9-4E6D-AEDD-3BB28D9EF059",
"versionEndExcluding": "16.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:zultys:mx30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC94AF4-0D2B-4045-98DF-53E2014C139D",
"versionEndExcluding": "17.0.10",
"versionStartIncluding": "17.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zultys:mx30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45765B6E-39CE-4CD2-A20C-7DB96FDDEBF0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250 y MX30 con versiones de firmware anteriores a 17.0.10 parche 17161 y 16.04 parche 16109 permite a un atacante no autenticado obtener una sesi\u00f3n administrativa a trav\u00e9s de una falla del mecanismo de protecci\u00f3n en la funci\u00f3n de autenticaci\u00f3n. En funcionamiento normal, el cliente Windows Zultys MX Administrator se conecta al puerto 7505 e intenta la autenticaci\u00f3n, enviando el nombre de usuario y la contrase\u00f1a del administrador al servidor. Tras un error de autenticaci\u00f3n, el servidor env\u00eda un mensaje de error de inicio de sesi\u00f3n solicitando al cliente que se desconecte. Sin embargo, si el cliente ignora el mensaje de error e intenta continuar, el servidor no cierra la conexi\u00f3n a la fuerza y procesa todas las solicitudes posteriores del cliente como si la autenticaci\u00f3n hubiera sido exitosa."
}
],
"id": "CVE-2023-43742",
"lastModified": "2024-11-21T08:24:41.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-08T01:15:07.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-43744 (GCVE-0-2023-43744)
Vulnerability from cvelistv5 – Published: 2023-12-08 00:00 – Updated: 2024-08-02 19:52
Summary
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user-supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mxvirtual.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a \"Patch Manager\" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T01:08:19.524708",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://mxvirtual.com"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43744",
"datePublished": "2023-12-08T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-08-02T19:52:10.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43742 (GCVE-0-2023-43742)
Vulnerability from cvelistv5 – Published: 2023-12-08 00:00 – Updated: 2024-08-02 19:52
Summary
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T01:07:43.887358",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43742",
"datePublished": "2023-12-08T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-08-02T19:52:10.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43743 (GCVE-0-2023-43743)
Vulnerability from cvelistv5 – Published: 2023-12-08 00:00 – Updated: 2025-05-27 15:34
Summary
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.
Severity
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mxvirtual.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T15:33:46.911270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:34:49.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T01:08:14.033Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://mxvirtual.com"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43743",
"datePublished": "2023-12-08T00:00:00.000Z",
"dateReserved": "2023-09-22T00:00:00.000Z",
"dateUpdated": "2025-05-27T15:34:49.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43744 (GCVE-0-2023-43744)
Vulnerability from nvd – Published: 2023-12-08 00:00 – Updated: 2024-08-02 19:52
VLAI?
Summary
An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user-supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mxvirtual.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a \"Patch Manager\" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T01:08:19.524708",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://mxvirtual.com"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43744",
"datePublished": "2023-12-08T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-08-02T19:52:10.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43742 (GCVE-0-2023-43742)
Vulnerability from nvd – Published: 2023-12-08 00:00 – Updated: 2024-08-02 19:52
VLAI?
Summary
An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client instead ignores the failure message and continues, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T01:07:43.887358",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43742",
"datePublished": "2023-12-08T00:00:00",
"dateReserved": "2023-09-22T00:00:00",
"dateUpdated": "2024-08-02T19:52:10.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43743 (GCVE-0-2023-43743)
Vulnerability from nvd – Published: 2023-12-08 00:00 – Updated: 2025-05-27 15:34
VLAI?
Summary
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://mxvirtual.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T15:33:46.911270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:34:49.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T01:08:14.033Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://mxvirtual.com"
},
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43743",
"datePublished": "2023-12-08T00:00:00.000Z",
"dateReserved": "2023-09-22T00:00:00.000Z",
"dateUpdated": "2025-05-27T15:34:49.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}