CVE-2023-42771 - OpenCVE

Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Furunosystems	Acera 1310 Firmware Acera 1320 Acera 1310 Acera 1320 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/en/vu/JVNVU94497038/	Third Party Advisory
https://www.furunosystems.co.jp/news/info/vulner20231002.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2023-10-03T00:17:00.358Z

Updated: 2023-10-03T00:17:00.358Z

Reserved: 2023-09-22T04:36:33.436Z

Link: CVE-2023-42771

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-03T01:15:56.967

Modified: 2023-10-04T21:05:00.090

Link: CVE-2023-42771

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FFEB8A0-F2DE-4C34-8C93-BDC2D903BE64", "versionEndIncluding": "01.26", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*", "matchCriteriaId": "D97D14B5-1763-44C0-8EED-A3F787A97A8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F94D3C1-940A-4A09-B99B-9BB79B73EA63", "versionEndIncluding": "01.26", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*", "matchCriteriaId": "09DD97A0-77E2-4BC6-A8EC-7BEF65B75E0C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode."}, {"lang": "es", "value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el firmware ACERA 1320 versi\u00f3n 01.26 y anteriores, y en el firmware ACERA 1310 versi\u00f3n 01.26 y anteriores, permite que un atacante no autenticado adyacente a la red que puede acceder al producto afectado descargue archivos de configuraci\u00f3n y/o archivos de registro, y cargue archivos de configuraci\u00f3n y /o firmware. Se ven afectados cuando se ejecutan en modo ST (independiente)."}], "id": "CVE-2023-42771", "lastModified": "2023-10-04T21:05:00.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-03T01:15:56.967", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU94497038/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}