Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5142

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published

2023-09-24T22:15:10.087

Last Modified

2024-11-21T08:41:08.843

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-22
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	h3c	gr-1100-p_firmware	≤ 20230908	Yes
Hardware	h3c	gr-1100-p	-	No
Operating System	h3c	gr-1108-p_firmware	≤ 20230908	Yes
Hardware	h3c	gr-1108-p	-	No
Operating System	h3c	gr-1200w_firmware	≤ 20230908	Yes
Hardware	h3c	gr-1200w	-	No
Operating System	h3c	gr-1800ax_firmware	≤ 20230908	Yes
Hardware	h3c	gr-1800ax	-	No
Operating System	h3c	gr-2200_firmware	≤ 20230908	Yes
Hardware	h3c	gr-2200	-	No
Operating System	h3c	gr-3200_firmware	≤ 20230908	Yes
Hardware	h3c	gr-3200	-	No
Operating System	h3c	gr-5200_firmware	≤ 20230908	Yes
Hardware	h3c	gr-5200	-	No
Operating System	h3c	gr-8300_firmware	≤ 20230908	Yes
Hardware	h3c	gr-8300	-	No
Operating System	h3c	er3260g2_firmware	≤ 20230908	Yes
Hardware	h3c	er3260g2	-	No
Operating System	h3c	er5200g2_firmware	≤ 20230908	Yes
Hardware	h3c	er5200g2	-	No
Operating System	h3c	er3200g2_firmware	≤ 20230908	Yes
Hardware	h3c	er3200g2	-	No
Operating System	h3c	er2100n_firmware	≤ 20230908	Yes
Hardware	h3c	er2100n	-	No
Operating System	h3c	er6300g2_firmware	≤ 20230908	Yes
Hardware	h3c	er6300g2	-	No
Operating System	h3c	er5100g2_firmware	≤ 20230908	Yes
Hardware	h3c	er5100g2	-	No
Operating System	h3c	er2200g2_firmware	≤ 20230908	Yes
Hardware	h3c	er2200g2	-	No

References

https://github.com/CJCniubi666/H3C-ER/blob/main/README.md Exploit, Third Party Advisory ([email protected])
https://github.com/yinsel/CVE-H3C-Report Exploit, Third Party Advisory ([email protected])
https://vuldb.com/?ctiid.240238 Permissions Required, Third Party Advisory ([email protected])
https://vuldb.com/?id.240238 Third Party Advisory ([email protected])
https://github.com/CJCniubi666/H3C-ER/blob/main/README.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/yinsel/CVE-H3C-Report Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?ctiid.240238 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.240238 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)