CVE-2023-1731 (GCVE-0-2023-1731)
Vulnerability from cvelistv5 – Published: 2023-04-24 13:36 – Updated: 2025-02-04 19:16
VLAI?
Title
Improper Input Validation in Meinberg LTOS
Summary
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
Severity ?
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Credits
Many thanks to Noam Moshe of Claroty for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:16:33.062158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:16:58.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LTOS",
"vendor": "Meinberg",
"versions": [
{
"lessThan": "7.06.013",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Many thanks to Noam Moshe of Claroty for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\u003cbr\u003e"
}
],
"value": "In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T05:49:20.632Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm"
}
],
"source": {
"defect": [
"CERT@VDE#64425"
],
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation in Meinberg LTOS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1731",
"datePublished": "2023-04-24T13:36:03.117Z",
"dateReserved": "2023-03-30T15:06:41.196Z",
"dateUpdated": "2025-02-04T19:16:58.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.06.013\", \"matchCriteriaId\": \"8085F2DD-CD93-4D37-9567-62966EB45A12\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:meinbergglobal:lantime_m100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2541CE93-F4C4-453E-83AC-ED39D83571DF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:meinbergglobal:lantime_m200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0C58392-64BE-4A64-9B43-F599D03CBD3E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:meinbergglobal:lantime_m300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5FCA50A-2C6A-41ED-8E9D-38BA52C8428B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:meinbergglobal:lantime_m400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51E5EFBE-3C3F-4386-A469-E190611A5A34\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:meinbergglobal:lantime_m600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46F4C7AA-30BB-402B-A21C-6FEEC919853C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:meinbergglobal:lantime_m900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"164CB3CF-F979-4591-8DF8-972123E216B0\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\\n\"}]",
"id": "CVE-2023-1731",
"lastModified": "2024-11-21T07:39:47.157",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2023-04-24T14:15:07.640",
"references": "[{\"url\": \"https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm\", \"source\": \"info@cert.vde.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"info@cert.vde.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-1731\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-04-24T14:15:07.640\",\"lastModified\":\"2024-11-21T07:39:47.157\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.06.013\",\"matchCriteriaId\":\"8085F2DD-CD93-4D37-9567-62966EB45A12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:meinbergglobal:lantime_m100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2541CE93-F4C4-453E-83AC-ED39D83571DF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:meinbergglobal:lantime_m200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0C58392-64BE-4A64-9B43-F599D03CBD3E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:meinbergglobal:lantime_m300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5FCA50A-2C6A-41ED-8E9D-38BA52C8428B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:meinbergglobal:lantime_m400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51E5EFBE-3C3F-4386-A469-E190611A5A34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:meinbergglobal:lantime_m600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F4C7AA-30BB-402B-A21C-6FEEC919853C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:meinbergglobal:lantime_m900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"164CB3CF-F979-4591-8DF8-972123E216B0\"}]}]}],\"references\":[{\"url\":\"https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:57:25.243Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1731\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:16:33.062158Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:16:51.664Z\"}}], \"cna\": {\"title\": \"Improper Input Validation in Meinberg LTOS\", \"source\": {\"defect\": [\"CERT@VDE#64425\"], \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Many thanks to Noam Moshe of Claroty for reporting this vulnerability.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Meinberg\", \"product\": \"LTOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"7.06.013\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2023-05-23T05:49:20.632Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-1731\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T19:16:58.162Z\", \"dateReserved\": \"2023-03-30T15:06:41.196Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2023-04-24T13:36:03.117Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…