CVE-2024-3123 (GCVE-0-2024-3123)

Vulnerability from cvelistv5 – Published: 2024-07-01 02:52 – Updated: 2024-08-01 19:32
VLAI?
Title
CHANGING Mobile One Time Password - Arbitrary File Upload
Summary
CHANGING Mobile One Time Password's uploading function in a hidden page does not filter file type properly. Remote attackers with administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.
Severity ?
7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Vendor Product Version
CHANGING Mobile One Time Password Affected: 3.11 , ≤ 3.11.3 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:changingtec:mobile_one_time_password:3.11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mobile_one_time_password",
            "vendor": "changingtec",
            "versions": [
              {
                "lessThanOrEqual": "3.11.3",
                "status": "affected",
                "version": "3.11",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3123",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T14:09:05.509944Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T14:21:02.687Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Mobile One Time Password",
          "vendor": "CHANGING",
          "versions": [
            {
              "lessThanOrEqual": "3.11.3",
              "status": "affected",
              "version": "3.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-07-01T02:52:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
            }
          ],
          "value": "CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-650",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-650 Upload a Web Shell to a Web Server"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T02:52:34.721Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
            }
          ],
          "value": "Update to MOTP 3.11.3 Patch 1 or later version or install the patch."
        }
      ],
      "source": {
        "advisory": "TVN-202407002",
        "discovery": "EXTERNAL"
      },
      "title": "CHANGING Mobile One Time Password - Arbitrary File Upload",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-3123",
    "datePublished": "2024-07-01T02:52:34.721Z",
    "dateReserved": "2024-04-01T03:08:28.782Z",
    "dateUpdated": "2024-08-01T19:32:42.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.\"}, {\"lang\": \"es\", \"value\": \"CHANGING la funci\\u00f3n de carga de Mobile One Time Password en una p\\u00e1gina oculta no filtra el tipo de archivo correctamente. Los atacantes remotos con privilegios de administrador pueden aprovechar esta vulnerabilidad para cargar y ejecutar archivos maliciosos para ejecutar comandos del sistema.\"}]",
      "id": "CVE-2024-3123",
      "lastModified": "2024-11-21T09:28:57.103",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
      "published": "2024-07-01T05:15:04.973",
      "references": "[{\"url\": \"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html\", \"source\": \"twcert@cert.org.tw\"}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html\", \"source\": \"twcert@cert.org.tw\"}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "twcert@cert.org.tw",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3123\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2024-07-01T05:15:04.973\",\"lastModified\":\"2024-11-21T09:28:57.103\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.\"},{\"lang\":\"es\",\"value\":\"CHANGING la funci\u00f3n de carga de Mobile One Time Password en una p\u00e1gina oculta no filtra el tipo de archivo correctamente. Los atacantes remotos con privilegios de administrador pueden aprovechar esta vulnerabilidad para cargar y ejecutar archivos maliciosos para ejecutar comandos del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html\",\"source\":\"twcert@cert.org.tw\"},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html\",\"source\":\"twcert@cert.org.tw\"},{\"url\":\"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:32:42.884Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3123\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-01T14:09:05.509944Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:changingtec:mobile_one_time_password:3.11:*:*:*:*:*:*:*\"], \"vendor\": \"changingtec\", \"product\": \"mobile_one_time_password\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.11\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11.3\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-02T14:20:59.813Z\"}}], \"cna\": {\"title\": \"CHANGING Mobile One Time Password - Arbitrary File Upload\", \"source\": {\"advisory\": \"TVN-202407002\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-650\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-650 Upload a Web Shell to a Web Server\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"CHANGING\", \"product\": \"Mobile One Time Password\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.11\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11.3\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to MOTP 3.11.3 Patch 1 or later version or install the patch.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to MOTP 3.11.3 Patch 1 or later version or install the patch.\", \"base64\": false}]}], \"datePublic\": \"2024-07-01T02:52:00.000Z\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-7913-6528e-1.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-7914-33fbb-2.html\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"CHANGING Mobile One Time Password\u0027s uploading function in a hidden page does not filter file type properly. Remote attackers with  administrator privilege can exploit this vulnerability to upload and run malicious file to execute system commands.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"shortName\": \"twcert\", \"dateUpdated\": \"2024-07-01T02:52:34.721Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3123\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T19:32:42.884Z\", \"dateReserved\": \"2024-04-01T03:08:28.782Z\", \"assignerOrgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"datePublished\": \"2024-07-01T02:52:34.721Z\", \"assignerShortName\": \"twcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.