CVE-2023-2373

Published Apr 28, 2023

Last updated 9 months ago

CVSS high 8.8

Overview

Description: A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability.
Source: cna@vuldb.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Secondary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

cna@vuldb.com: CWE-77

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D3FE42C-7A01-420B-BD79-60992B4DC90F",
            "versionEndExcluding": "2.0.9"
          },
          {
            "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD084B6E-95B1-43EC-B44D-067F84857006"
          },
          {
            "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0CE2156-E44D-4137-B823-E29E9B504090"
          },
          {
            "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D674905D-1E0B-428D-826A-CB75E5E0313C"
          },
          {
            "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACD593F1-F9C4-40F1-AE07-82015E69429F"
          },
          {
            "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "643B67AA-ED41-4716-8449-E010B44F1900"
          },
          {
            "criteria": "cpe:2.3:o:ui:edgemax_edgerouter_firmware:2.0.9:hotfix6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADEBD144-84BF-4A6C-B18F-4DBC6261D0D1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B"
          },
          {
            "criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References