Vulnérabilité CVE-2023-39240 CVE Vulnerability

Publié par . Publié dans Overflows

It is identified a format string vulnerability in ASUS RT-AX56U V2’s iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. (CVSS:9.8) (Last Update:2023-09-07 08:15:08)

Vulnerability Details :

Vulnerability category:Overflow

Published 2023-09-07 08:15:08

Updated 2023-09-07 08:15:08

SourceTWCERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-39240

We don't have an EPSS score for this CVE yet EPSS FAQ

CVSS scores for CVE-2023-39240

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-39240

CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Assigned by: [email protected] (Primary)

References for CVE-2023-39240

https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html

Vulnérabilité CVE-2023-39240 CVE Vulnerability

Vulnerability Details :

Exploit prediction scoring system (EPSS) score for CVE-2023-39240

CVSS scores for CVE-2023-39240

CWE ids for CVE-2023-39240

References for CVE-2023-39240

Pour nous Contacter

Newsletter Cybersécurité

Ressources Sécurité

Notre expertise cybersécurité validée par de multiples certifications internationales