CVE-2023-1778 - OpenCVE

This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Gajshield	Data Security Firewall Data Security Firewall Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:gajshield:data_security_firewall_firmware::::::::
	cpe:2.3:o:gajshield:data_security_firewall_firmware::::::::

cpe:2.3:h:gajshield:data_security_firewall:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0119	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERT-In

Published: 2023-04-27T09:33:19.070Z

Updated: 2023-04-28T11:05:32.435Z

Reserved: 2023-03-31T11:56:48.453Z

Link: CVE-2023-1778

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-27T10:15:09.160

Modified: 2023-05-08T18:34:04.320

Link: CVE-2023-1778

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1778", "assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c", "state": "PUBLISHED", "assignerShortName": "CERT-In", "dateReserved": "2023-03-31T11:56:48.453Z", "datePublished": "2023-04-27T09:33:19.070Z", "dateUpdated": "2023-04-28T11:05:32.435Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Data Security Firewall", "vendor": "GajShield", "versions": [{"lessThan": "4.28", "status": "affected", "version": "4.5", "versionType": "custom"}, {"status": "unaffected", "version": "4.21"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability is identified by Prashant Pandey from Indian Computer Emergency Response Team (CERT-In)."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.</p><br><br><p>The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.</p><br>"}], "value": "This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.\n\nThe vulnerability has been addressed by forcing the user to change their default password to a new non-default password.\n"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0119"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update GajShield Data Security Firewall firmware to latest version <br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://kb.gajshield.com/kbarticle?entryid=299&parentid=35\">https://kb.gajshield.com/kbarticle?entryid=299&parentid=35</a><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://kb.gajshield.com/kbarticle?entryid=318&parentid=35\">https://kb.gajshield.com/kbarticle?entryid=318&parentid=35</a><br>"}], "value": "Update GajShield Data Security Firewall firmware to latest version \n\n https://kb.gajshield.com/kbarticle?entryid=299&parentid=35 https://kb.gajshield.com/kbarticle \n https://kb.gajshield.com/kbarticle?entryid=318&parentid=35 https://kb.gajshield.com/kbarticle \n"}], "source": {"discovery": "UNKNOWN"}, "title": "Default Credential Vulnerability in GajShield Data Security Firewall", "providerMetadata": {"orgId": "66834db9-ab24-42b4-be80-296b2e40335c", "shortName": "CERT-In", "dateUpdated": "2023-04-28T11:05:32.435Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gajshield:data_security_firewall_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC450B0E-9218-431E-AF1E-66DAE043583E", "versionEndExcluding": "4.21", "vulnerable": true}, {"criteria": "cpe:2.3:o:gajshield:data_security_firewall_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8D28542-6331-414D-8C95-40D84D624BF1", "versionEndExcluding": "4.28", "versionStartIncluding": "4.22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gajshield:data_security_firewall:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DC0BE30-5990-4A63-A541-2455018D94EB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.\n\nThe vulnerability has been addressed by forcing the user to change their default password to a new non-default password.\n"}], "id": "CVE-2023-1778", "lastModified": "2023-05-08T18:34:04.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "vdisclose@cert-in.org.in", "type": "Secondary"}]}, "published": "2023-04-27T10:15:09.160", "references": [{"source": "vdisclose@cert-in.org.in", "tags": ["Third Party Advisory"], "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0119"}], "sourceIdentifier": "vdisclose@cert-in.org.in", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "vdisclose@cert-in.org.in", "type": "Secondary"}]}