CVE-2023-22971 - OpenCVE

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hughes	Hn7000s Hn7000s Firmware Hn9460 Hn9460 Firmware Hx200 Hx200 Firmware Hx50l Hx50l Firmware Hx90 Hx90 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hughes:hx200_firmware:8.3.1.14:*:*:*:*:*:*:*

cpe:2.3:h:hughes:hx200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hughes:hx90_firmware:6.11.0.5:*:*:*:*:*:*:*

cpe:2.3:h:hughes:hx90:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hughes:hx50l_firmware:6.10.0.18:*:*:*:*:*:*:*

cpe:2.3:h:hughes:hx50l:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hughes:hn9460_firmware:8.2.0.48:*:*:*:*:*:*:*

cpe:2.3:h:hughes:hn9460:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.37:*:*:*:*:*:*:*

cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hughes.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-26T00:00:00

Updated: 2024-08-02T10:20:31.433Z

Reserved: 2023-01-11T00:00:00

Link: CVE-2023-22971

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-01-26T21:18:13.540

Modified: 2023-02-06T17:08:40.587

Link: CVE-2023-22971

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hughes:hx200_firmware:8.3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "37079B30-F603-4F83-8029-CBABA1EEB833", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hughes:hx200:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC2B7F70-2C3E-446B-AE22-C989CFBEDC35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hughes:hx90_firmware:6.11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "57CF8972-7DA8-4C17-B7F4-1BAE7303BE8D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hughes:hx90:-:*:*:*:*:*:*:*", "matchCriteriaId": "C996F23D-CD89-4D6F-9B50-F752482C4147", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hughes:hx50l_firmware:6.10.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "D8D414B3-A331-4049-8B5D-459690698E27", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hughes:hx50l:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDB89AEF-9F1C-43FA-8E4D-20D424F2ACE6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hughes:hn9460_firmware:8.2.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "A4511DC1-2420-4251-8124-EC65B94AFD40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hughes:hn9460:-:*:*:*:*:*:*:*", "matchCriteriaId": "78313913-3B7E-4CF7-8006-398B3934C87D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hughes:hn7000s_firmware:6.9.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "50E0765C-2796-47F5-B465-1B5660A6CDB9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hughes:hn7000s:-:*:*:*:*:*:*:*", "matchCriteriaId": "91470E55-2227-489A-BEB5-86C151F32344", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application."}, {"lang": "es", "value": "Vulnerabilidad de cross-site scripting (XSS) en la terminal de router de Hughes Network Systems para HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48 y HN7000S v6.9.0.37, permite a atacantes no autenticados hacer un mal uso de los frames, incluir c\u00f3digo JS/HTML y robar informaci\u00f3n confidencial de usuarios leg\u00edtimos de la aplicaci\u00f3n."}], "id": "CVE-2023-22971", "lastModified": "2023-02-06T17:08:40.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-26T21:18:13.540", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.hughes.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5743.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}