CVE-2023-25646 - Vulnerability Details - OpenCVE

There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00072.

Key SSVC decision points have not yet been added.

Vendors	Products
Zte	Zxhn H388x Zxhn H388x Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zte:zxhn_h388x_firmware:10.1_agzhm_1.3.1:*:*:*:*:*:*:*

cpe:2.3:h:zte:zxhn_h388x:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-29585	There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.

Fixes

Solution

H388X V10.1: AGZHM_1.4.0

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844

History

Tue, 28 Jan 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zte Zte zxhn H388x Zte zxhn H388x Firmware
CPEs		cpe:2.3:h:zte:zxhn_h388x:-:::::::* cpe:2.3:o:zte:zxhn_h388x_firmware:10.1_agzhm_1.3.1:::::::*
Vendors & Products		Zte Zte zxhn H388x Zte zxhn H388x Firmware

MITRE

Status: PUBLISHED

Assigner: zte

Published: 2024-06-20T06:20:44.058Z

Updated: 2024-08-02T11:25:19.252Z

Reserved: 2023-02-09T19:47:48.022Z

Link: CVE-2023-25646

Vulnrichment

Updated: 2024-08-02T11:25:19.252Z

NVD

Status : Analyzed

Published: 2024-06-20T07:15:41.340

Modified: 2025-01-28T16:29:58.553

Link: CVE-2023-25646

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25646", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "state": "PUBLISHED", "assignerShortName": "zte", "dateReserved": "2023-02-09T19:47:48.022Z", "datePublished": "2024-06-20T06:20:44.058Z", "dateUpdated": "2024-08-02T11:25:19.252Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "ZXHN H388X", "vendor": "ZTE", "versions": [{"status": "affected", "version": "V10.1: AGZHM_1.3.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.</p><br>"}], "value": "There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2024-06-20T06:20:44.058Z"}, "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">H388X V10.1: AGZHM_1.4.0</span>\n\n<br>"}], "value": "H388X V10.1: AGZHM_1.4.0"}], "source": {"discovery": "EXTERNAL"}, "title": "Permission and Access Control Vulnerability in ZTE H388X", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "zte", "product": "zxhn_h388x_firmware", "cpes": ["cpe:2.3:o:zte:zxhn_h388x_firmware:h388x_v10.1_agzhm_1.3.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "h388x_v10.1_agzhm_1.3.1", "status": "affected", "lessThan": "h388x_v10.1_agzhm_1.4.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T19:09:05.696519Z", "id": "CVE-2023-25646", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:10:48.349Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.252Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.252Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25646", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-25T19:09:05.696519Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:zte:zxhn_h388x_firmware:h388x_v10.1_agzhm_1.3.1:*:*:*:*:*:*:*"], "vendor": "zte", "product": "zxhn_h388x_firmware", "versions": [{"status": "affected", "version": "h388x_v10.1_agzhm_1.3.1", "lessThan": "h388x_v10.1_agzhm_1.4.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:10:43.639Z"}}], "cna": {"title": "Permission and Access Control Vulnerability in ZTE H388X", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ZTE", "product": "ZXHN H388X", "versions": [{"status": "affected", "version": "V10.1: AGZHM_1.3.1", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "H388X V10.1: AGZHM_1.4.0", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">H388X V10.1: AGZHM_1.4.0</span>\n\n<br>", "base64": false}]}], "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.", "supportingMedia": [{"type": "text/html", "value": "<p>There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions"}]}], "providerMetadata": {"orgId": "6786b568-6808-4982-b61f-398b0d9679eb", "shortName": "zte", "dateUpdated": "2024-06-20T06:20:44.058Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25646", "state": "PUBLISHED", "dateUpdated": "2024-08-02T11:25:19.252Z", "dateReserved": "2023-02-09T19:47:48.022Z", "assignerOrgId": "6786b568-6808-4982-b61f-398b0d9679eb", "datePublished": "2024-06-20T06:20:44.058Z", "assignerShortName": "zte"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zte:zxhn_h388x_firmware:10.1_agzhm_1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B505C00-1388-4B53-B2E0-A43D5C794A10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxhn_h388x:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B08F94E-4211-4592-9919-4F2D0CD688E7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an unauthorized access vulnerability in ZTE H388X. If H388X is caused by brute-force serial port cracking,attackers with common user permissions can use this vulnerability to obtain elevated permissions on the affected device by performing specific operations."}, {"lang": "es", "value": "Existe una vulnerabilidad de acceso no autorizado en ZTE H388X. Si H388X es causado por un craqueo del puerto serie por fuerza bruta, los atacantes con permisos de usuario comunes pueden usar esta vulnerabilidad para obtener permisos elevados en el dispositivo afectado mediante la realizaci\u00f3n de operaciones espec\u00edficas."}], "id": "CVE-2023-25646", "lastModified": "2025-01-28T16:29:58.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 6.0, "source": "psirt@zte.com.cn", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-20T07:15:41.340", "references": [{"source": "psirt@zte.com.cn", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1035844"}], "sourceIdentifier": "psirt@zte.com.cn", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "psirt@zte.com.cn", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}