github - ghsa-263f-979q-w9h5

ghsa-263f-979q-w9h5

Vulnerability from github

Published

2023-10-26 18:30

Modified

2023-11-07 21:30

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-41966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-267",
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-26T17:15:08Z",
    "severity": "HIGH"
  },
  "details": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n",
  "id": "GHSA-263f-979q-w9h5",
  "modified": "2023-11-07T21:30:22Z",
  "published": "2023-10-26T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41966"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
    },
    {
      "type": "WEB",
      "url": "https://www.sielco.org/en/contacts"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-41966

Vulnerability from cvelistv5

Published

2023-10-26 16:21

Modified

2024-08-02 19:09

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions

References

▼	URL	Tags
	https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
	https://www.sielco.org/en/contacts

Impacted products

▼	Vendor	Product
	Sielco	Analog FM transmitter
	Sielco	Radio Link

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:49.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sielco.org/en/contacts"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Analog FM transmitter",
          "vendor": "Sielco",
          "versions": [
            {
              "status": "affected",
              "version": "2.12 (EXC5000GX)"
            },
            {
              "status": "affected",
              "version": "2.12 (EXC120GX)"
            },
            {
              "status": "affected",
              "version": "2.11 (EXC300GX)"
            },
            {
              "status": "affected",
              "version": "2.10 (EXC1600GX)"
            },
            {
              "status": "affected",
              "version": "2.10 (EXC2000GX)"
            },
            {
              "status": "affected",
              "version": "2.08 (EXC1600GX)"
            },
            {
              "status": "affected",
              "version": "2.08 (EXC1000GX)"
            },
            {
              "status": "affected",
              "version": "2.07 (EXC3000GX)"
            },
            {
              "status": "affected",
              "version": "2.06 (EXC5000GX)"
            },
            {
              "status": "affected",
              "version": "1.7.7 (EXC30GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC300GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC100GT)"
            },
            {
              "status": "affected",
              "version": "1.7.4 (EXC5000GT)"
            },
            {
              "status": "affected",
              "version": "1.6.3 (EXC1000GT)"
            },
            {
              "status": "affected",
              "version": "1.5.4 (EXC120GT)"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Radio Link",
          "vendor": "Sielco ",
          "versions": [
            {
              "status": "affected",
              "version": "2.06 (RTX19)"
            },
            {
              "status": "affected",
              "version": "2.05 (RTX19)"
            },
            {
              "status": "affected",
              "version": "2.00 (EXC19)"
            },
            {
              "status": "affected",
              "version": "1.60 (RTX19)"
            },
            {
              "status": "affected",
              "version": "1.59 (RTX19)"
            },
            {
              "status": "affected",
              "version": "1.55 (EXC19)"
            }
          ]
        }
      ],
      "datePublic": "2023-10-26T16:02:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-267",
              "description": "CWE-267 Privilege Defined With Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-26T16:21:56.412Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08"
        },
        {
          "url": "https://www.sielco.org/en/contacts"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nSielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.sielco.org/en/contacts\"\u003ecustomer support\u003c/a\u003e\u0026nbsp;for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Sielco has not responded to requests to work with CISA to mitigate these\n vulnerabilities. Users of affected versions of Sielco PolyEco FM \nTransmitter are invited to contact Sielco  customer support https://www.sielco.org/en/contacts \u00a0for additional information.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-41966",
    "datePublished": "2023-10-26T16:21:56.412Z",
    "dateReserved": "2023-10-25T15:23:55.519Z",
    "dateUpdated": "2024-08-02T19:09:49.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted