CVE-2023-43627 - OpenCVE

Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Furunosystems	Acera 1310 Firmware Acera 1320 Acera 1310 Acera 1320 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/en/vu/JVNVU94497038/	Third Party Advisory
https://www.furunosystems.co.jp/news/info/vulner20231002.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2023-10-03T00:18:13.113Z

Updated: 2023-10-03T00:18:13.113Z

Reserved: 2023-09-22T04:36:31.640Z

Link: CVE-2023-43627

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-03T01:15:57.017

Modified: 2023-10-04T21:03:53.027

Link: CVE-2023-43627

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FFEB8A0-F2DE-4C34-8C93-BDC2D903BE64", "versionEndIncluding": "01.26", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*", "matchCriteriaId": "D97D14B5-1763-44C0-8EED-A3F787A97A8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F94D3C1-940A-4A09-B99B-9BB79B73EA63", "versionEndIncluding": "01.26", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*", "matchCriteriaId": "09DD97A0-77E2-4BC6-A8EC-7BEF65B75E0C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode."}, {"lang": "es", "value": "Vulnerabilidad de path traversal en el firmware ACERA 1320 versi\u00f3n 01.26 y anteriores, y en el firmware ACERA 1310 versi\u00f3n 01.26 y anteriores permite que un atacante autenticado adyacente a la red altere informaci\u00f3n cr\u00edtica, como archivos del sistema, mediante el env\u00edo de una solicitud especialmente manipulada. Se ven afectados cuando se ejecutan en modo ST (Standalone)."}], "id": "CVE-2023-43627", "lastModified": "2023-10-04T21:03:53.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-03T01:15:57.017", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU94497038/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}