CVE-2023-41779

Published Jan 3, 2024

Last updated 10 months ago

CVSS medium 5.5

Overview

Description: There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.
Source: psirt@zte.com.cn
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-863
psirt@zte.com.cn: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC0DCC6B-32B8-4C28-BDAF-37604BA1ABFC",
            "versionEndExcluding": "7.23.32"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References