CVE-2023-43477 - OpenCVE

The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Telstra	Arcadyan Lh1000 Firmware Arcadyan Lh1000

Configuration 1 [-]

AND

cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.tenable.com/security/research/tra-2023-19	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tenable

Published: 2023-09-20T12:41:03.578Z

Updated: 2023-09-20T12:41:03.578Z

Reserved: 2023-09-18T17:35:17.960Z

Link: CVE-2023-43477

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-20T13:15:12.047

Modified: 2023-09-22T18:37:02.227

Link: CVE-2023-43477

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-43477", "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "state": "PUBLISHED", "assignerShortName": "tenable", "dateReserved": "2023-09-18T17:35:17.960Z", "datePublished": "2023-09-20T12:41:03.578Z", "dateUpdated": "2023-09-20T12:41:03.578Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Smart Modem Gen 2 (Arcadyan LH1000)", "vendor": "Telstra", "versions": [{"lessThan": "0.18.15r", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. "}], "value": "The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.\u00a0"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable", "dateUpdated": "2023-09-20T12:41:03.578Z"}, "references": [{"url": "https://www.tenable.com/security/research/tra-2023-19"}], "source": {"discovery": "UNKNOWN"}, "title": "Post-Auth Command Injection in Telstra Smart Modem Gen 2 (Arcadyan LH1000)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35A4EC70-8D90-4C41-AD63-0C531644C396", "versionEndExcluding": "0.18.15r", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "18BB9AA9-95B5-4EF5-B398-7B2E80991966", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.\u00a0"}, {"lang": "es", "value": "El par\u00e1metro ping_from de ping_tracerte.cgi en la interfaz de usuario web de Telstra Smart Modem Gen 2 (Arcadyan LH1000), versiones de firmware < 0.18.15r, no se sanitiz\u00f3 adecuadamente antes de usarse en una llamada al sistema, lo que podr\u00eda permitir que un atacante autenticado lograra el comando. inyecci\u00f3n como root en el dispositivo.\n"}], "id": "CVE-2023-43477", "lastModified": "2023-09-22T18:37:02.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "vulnreport@tenable.com", "type": "Secondary"}]}, "published": "2023-09-20T13:15:12.047", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2023-19"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "vulnreport@tenable.com", "type": "Secondary"}]}