CVE-2023-34213 - OpenCVE

TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Moxa	Tn-5900 Tn-5900 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Moxa

Published: 2023-08-17T02:20:20.289Z

Updated: 2023-08-17T02:20:20.289Z

Reserved: 2023-05-31T08:58:06.148Z

Link: CVE-2023-34213

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-17T03:15:09.663

Modified: 2023-08-22T18:51:41.683

Link: CVE-2023-34213

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-34213", "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "state": "PUBLISHED", "assignerShortName": "Moxa", "dateReserved": "2023-05-31T08:58:06.148Z", "datePublished": "2023-08-17T02:20:20.289Z", "dateUpdated": "2023-08-17T02:20:20.289Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TN-5900 Series", "vendor": "Moxa", "versions": [{"lessThanOrEqual": "3.3", "status": "affected", "version": "1.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication</span> <span style=\"background-color: rgb(255, 255, 255);\">in the key</span><span style=\"background-color: rgb(255, 255, 255);\">-</span><span style=\"background-color: rgb(255, 255, 255);\">generation function, which could potentially allow malicious users to execute remote code on affected devices.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span><br>"}], "value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u00a0\n"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa", "dateUpdated": "2023-08-17T02:20:20.289Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.<br><ul><li>TN-5900 Series: Please upgrade to firmware v3.4 or higher.</li></ul>"}], "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher.\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Second Order Command-injection Vulnerability in the Key-generation Function", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71", "versionEndIncluding": "3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u00a0\n"}], "id": "CVE-2023-34213", "lastModified": "2023-08-22T18:51:41.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@moxa.com", "type": "Secondary"}]}, "published": "2023-08-17T03:15:09.663", "references": [{"source": "psirt@moxa.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"}], "sourceIdentifier": "psirt@moxa.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "psirt@moxa.com", "type": "Secondary"}]}