CVE-2023-1731 Information

Apr 27, 2023 cve

Description

In LTOS versions prior to V7.06.013 the configuration file upload function would not correctly validate the input which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2

Share on: