CVE-2023-43478 (GCVE-0-2023-43478)
Vulnerability from cvelistv5 – Published: 2023-09-20 13:03 – Updated: 2024-09-24 18:58
VLAI?
Title
Unauthenticated configuration restore and firmware update
Summary
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.
Severity ?
8.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Telstra | Smart Modem Gen 2 (Arcadyan LH1000) |
Affected:
0 , < 0.18.15r
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:42.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2023-19"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arcadyan_lh1000",
"vendor": "telstra",
"versions": [
{
"lessThan": "0.18.15r",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43478",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T18:56:11.095403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T18:58:06.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Modem Gen 2 (Arcadyan LH1000)",
"vendor": "Telstra",
"versions": [
{
"lessThan": "0.18.15r",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions \u0026lt; 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u0026nbsp;"
}
],
"value": "fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions \u003c 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u00a0"
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T13:03:10.299Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-19"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated configuration restore and firmware update",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-43478",
"datePublished": "2023-09-20T13:03:10.299Z",
"dateReserved": "2023-09-18T17:35:17.960Z",
"dateUpdated": "2024-09-24T18:58:06.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.18.15r\", \"matchCriteriaId\": \"35A4EC70-8D90-4C41-AD63-0C531644C396\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18BB9AA9-95B5-4EF5-B398-7B2E80991966\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions \u003c 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\\u00a0\"}, {\"lang\": \"es\", \"value\": \"fake_upload.cgi en Telstra Smart Modem Gen 2 (Arcadyan LH1000), versiones de firmware \u0026lt; 0.18.15r, permite a atacantes no autenticados cargar im\\u00e1genes de firmware y copias de seguridad de configuraci\\u00f3n, lo que podr\\u00eda permitirles alterar el firmware o la configuraci\\u00f3n en el dispositivo, lo que en \\u00faltima instancia lleva a para ejecutar el c\\u00f3digo como root.\"}]",
"id": "CVE-2023-43478",
"lastModified": "2024-11-21T08:24:07.540",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"vulnreport@tenable.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2023-09-20T14:15:15.127",
"references": "[{\"url\": \"https://www.tenable.com/security/research/tra-2023-19\", \"source\": \"vulnreport@tenable.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2023-19\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-434\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-43478\",\"sourceIdentifier\":\"vulnreport@tenable.com\",\"published\":\"2023-09-20T14:15:15.127\",\"lastModified\":\"2024-11-21T08:24:07.540\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions \u003c 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u00a0\"},{\"lang\":\"es\",\"value\":\"fake_upload.cgi en Telstra Smart Modem Gen 2 (Arcadyan LH1000), versiones de firmware \u0026lt; 0.18.15r, permite a atacantes no autenticados cargar im\u00e1genes de firmware y copias de seguridad de configuraci\u00f3n, lo que podr\u00eda permitirles alterar el firmware o la configuraci\u00f3n en el dispositivo, lo que en \u00faltima instancia lleva a para ejecutar el c\u00f3digo como root.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnreport@tenable.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.18.15r\",\"matchCriteriaId\":\"35A4EC70-8D90-4C41-AD63-0C531644C396\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18BB9AA9-95B5-4EF5-B398-7B2E80991966\"}]}]}],\"references\":[{\"url\":\"https://www.tenable.com/security/research/tra-2023-19\",\"source\":\"vulnreport@tenable.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2023-19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.tenable.com/security/research/tra-2023-19\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:44:42.240Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-43478\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-24T18:56:11.095403Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*\"], \"vendor\": \"telstra\", \"product\": \"arcadyan_lh1000\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.18.15r\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-24T18:57:51.556Z\"}}], \"cna\": {\"title\": \"Unauthenticated configuration restore and firmware update\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-176\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-176 Configuration/Environment Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Telstra\", \"product\": \"Smart Modem Gen 2 (Arcadyan LH1000)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.18.15r\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.tenable.com/security/research/tra-2023-19\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions \u003c 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\\u00a0\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions \u0026lt; 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u0026nbsp;\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"shortName\": \"tenable\", \"dateUpdated\": \"2023-09-20T13:03:10.299Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-43478\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-24T18:58:06.387Z\", \"dateReserved\": \"2023-09-18T17:35:17.960Z\", \"assignerOrgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"datePublished\": \"2023-09-20T13:03:10.299Z\", \"assignerShortName\": \"tenable\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…