CVE-2023-1731
Published Apr 24, 2023
Last updated a year ago
Overview
- Description
- In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
- Source
- info@cert.vde.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8085F2DD-CD93-4D37-9567-62966EB45A12",
"versionEndExcluding": "7.06.013"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:meinbergglobal:lantime_m100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2541CE93-F4C4-453E-83AC-ED39D83571DF"
},
{
"criteria": "cpe:2.3:h:meinbergglobal:lantime_m200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A0C58392-64BE-4A64-9B43-F599D03CBD3E"
},
{
"criteria": "cpe:2.3:h:meinbergglobal:lantime_m300:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D5FCA50A-2C6A-41ED-8E9D-38BA52C8428B"
},
{
"criteria": "cpe:2.3:h:meinbergglobal:lantime_m400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "51E5EFBE-3C3F-4386-A469-E190611A5A34"
},
{
"criteria": "cpe:2.3:h:meinbergglobal:lantime_m600:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "46F4C7AA-30BB-402B-A21C-6FEEC919853C"
},
{
"criteria": "cpe:2.3:h:meinbergglobal:lantime_m900:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "164CB3CF-F979-4591-8DF8-972123E216B0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]