{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2379", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-04-28T11:30:10.404Z", "datePublished": "2023-04-28T16:31:03.591Z", "dateUpdated": "2024-02-13T07:19:43.737Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-13T07:19:43.737Z"}, "title": "Ubiquiti EdgeRouter X Web Service denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "affected": [{"vendor": "Ubiquiti", "product": "EdgeRouter X", "versions": [{"version": "2.0.9-hotfix.0", "status": "affected"}, {"version": "2.0.9-hotfix.1", "status": "affected"}, {"version": "2.0.9-hotfix.2", "status": "affected"}, {"version": "2.0.9-hotfix.3", "status": "affected"}, {"version": "2.0.9-hotfix.4", "status": "affected"}, {"version": "2.0.9-hotfix.5", "status": "affected"}, {"version": "2.0.9-hotfix.6", "status": "affected"}], "modules": ["Web Service"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Ubiquiti EdgeRouter X bis 2.0.9-hotfix.6 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Web Service. Durch Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "timeline": [{"time": "2023-04-28T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-04-28T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-04-28T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-05-21T16:14:21.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "leetmoon (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.227655", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.227655", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS", "tags": ["broken-link", "exploit"]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E5C7E0B-4335-44F0-A19F-6E68D9CFD5AF", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "9DB3EE14-A555-4DCA-9C16-F3D72489F10C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "2844D28C-FAD9-498A-93FF-7A4A217210A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix3:*:*:*:*:*:*", "matchCriteriaId": "FF7E7155-EFDC-42E0-A851-8FD2C58A2076", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "B0473F8F-8D1E-4CEB-A7FC-979F3F3AAF29", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "C5D34B1D-9F1F-4A1F-A76C-FB4EE83D08F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x_firmware:2.0.9:hotfix6:*:*:*:*:*:*", "matchCriteriaId": "93A4BC03-E96D-42A9-9034-7017DA6EA389", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "91B9AD72-BF39-4731-85B9-26036F7C425B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DA36D8-F0BD-4E98-A74C-5D50AD0980C5", "versionEndExcluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:-:*:*:*:*:*:*", "matchCriteriaId": "906F4A72-7C6D-45FD-875F-2D2791CE9F4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "B919E33F-AC70-432C-A3F8-29FDFC710BB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix3:*:*:*:*:*:*", "matchCriteriaId": "F4191452-071A-4BF1-B312-C4F9C28A5205", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "FFEE96EB-D8AE-4B23-B090-E86FBA4BEF73", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "101616F2-CA1A-4BF0-9025-F20EDA26F235", "vulnerable": true}, {"criteria": "cpe:2.3:o:ui:er-x-sfp_firmware:2.0.9:hotfix6:*:*:*:*:*:*", "matchCriteriaId": "47ABA9C8-67E4-4DE2-822A-3E17639F745E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:er-x-sfp:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F922D6E-7C6D-4984-A0DF-6EDC0C7A9900", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655."}], "id": "CVE-2023-2379", "lastModified": "2024-05-17T02:22:54.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-04-28T17:15:43.067", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/leetsun/IoT/tree/main/EdgeRouterX/DoS"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?ctiid.227655"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.227655"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}