CVE-2023-1731 - OpenCVE

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Meinbergglobal	Lantime Firmware Lantime M100 Lantime M200 Lantime M300 Lantime M400 Lantime M600 Lantime M900

Configuration 1 [-]

AND

cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:meinbergglobal:lantime_m100:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m200:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m300:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m400:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m600:-:::::::*
	cpe:2.3:h:meinbergglobal:lantime_m900:-:::::::*

No data.

References

Link	Providers
https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-04-24T13:36:03.117Z

Updated: 2024-08-02T05:57:25.243Z

Reserved: 2023-03-30T15:06:41.196Z

Link: CVE-2023-1731

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-24T14:15:07.640

Modified: 2023-05-23T06:15:09.180

Link: CVE-2023-1731

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1731", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-03-30T15:06:41.196Z", "datePublished": "2023-04-24T13:36:03.117Z", "dateUpdated": "2024-08-02T05:57:25.243Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LTOS", "vendor": "Meinberg", "versions": [{"lessThan": "7.06.013", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Many thanks to Noam Moshe of Claroty for reporting this vulnerability."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.<br>"}], "value": "In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-05-23T05:49:20.632Z"}, "references": [{"url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm"}], "source": {"defect": ["CERT@VDE#64425"], "discovery": "UNKNOWN"}, "title": "Improper Input Validation in Meinberg LTOS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:25.243Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8085F2DD-CD93-4D37-9567-62966EB45A12", "versionEndExcluding": "7.06.013", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:meinbergglobal:lantime_m100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2541CE93-F4C4-453E-83AC-ED39D83571DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m200:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0C58392-64BE-4A64-9B43-F599D03CBD3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m300:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5FCA50A-2C6A-41ED-8E9D-38BA52C8428B", "vulnerable": false}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m400:-:*:*:*:*:*:*:*", "matchCriteriaId": "51E5EFBE-3C3F-4386-A469-E190611A5A34", "vulnerable": false}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m600:-:*:*:*:*:*:*:*", "matchCriteriaId": "46F4C7AA-30BB-402B-A21C-6FEEC919853C", "vulnerable": false}, {"criteria": "cpe:2.3:h:meinbergglobal:lantime_m900:-:*:*:*:*:*:*:*", "matchCriteriaId": "164CB3CF-F979-4591-8DF8-972123E216B0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n"}], "id": "CVE-2023-1731", "lastModified": "2023-05-23T06:15:09.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2023-04-24T14:15:07.640", "references": [{"source": "info@cert.vde.com", "tags": ["Vendor Advisory"], "url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-02-lantime-firmware-v7-06-013.htm"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "info@cert.vde.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Secondary"}]}