CVE-2023-41349 - OpenCVE

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Rt-ax88u Firmware Rt-ax88u

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2023-09-18T02:36:30.234Z

Updated: 2023-09-18T02:36:30.234Z

Reserved: 2023-08-29T00:11:47.812Z

Link: CVE-2023-41349

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-18T03:15:08.113

Modified: 2023-09-19T21:23:04.903

Link: CVE-2023-41349

JSON object: View

Redhat Information

No data.

CWE

CWE-134

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-41349", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-08-29T00:11:47.812Z", "datePublished": "2023-09-18T02:36:30.234Z", "dateUpdated": "2023-09-18T02:36:30.234Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RT-AX88U", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4_388_23748", "status": "affected", "version": " ", "versionType": "custom"}]}], "datePublic": "2023-09-18T02:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack,</span><span style=\"background-color: rgb(255, 255, 255);\"> resulting</span> in sensitivity information leakage<span style=\"background-color: rgb(255, 255, 255);\">, or forcing the device to reset and permanent denial of service.</span>\n\n"}], "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n"}], "impacts": [{"capecId": "CAPEC-135", "descriptions": [{"lang": "en", "value": "CAPEC-135 Format String Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-09-18T02:36:30.234Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the version to <span style=\"background-color: rgb(255, 255, 255);\">3.0.0.4_388_23748 or later.</span>"}], "value": "Update the version to\u00a03.0.0.4_388_23748 or later."}], "source": {"advisory": "TVN-202309010", "discovery": "EXTERNAL"}, "title": "ASUS RT-AX88U - externally-controlled format string", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "478237D3-96B5-45FA-8953-006AA06B5AE8", "versionEndExcluding": "3.0.0.4.388.23748", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n"}, {"lang": "es", "value": "El router ASUS RT-AX88U tiene una vulnerabilidad de uso de cadenas de formato controlables externamente dentro de su funci\u00f3n Advanced Open VPN. Un atacante remoto autenticado puede aprovechar la configuraci\u00f3n de OpenVPN exportada para ejecutar un ataque de cadena de formato controlado externamente, lo que resulta en una fuga de informaci\u00f3n sensible o obliga al dispositivo a reiniciarse y a la denegaci\u00f3n de servicio permanente. "}], "id": "CVE-2023-41349", "lastModified": "2023-09-19T21:23:04.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2023-09-18T03:15:08.113", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}