CVE-2023-31241 - OpenCVE

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Control4	Ca-1 Ca-10 Ea-1 Ea-3 Ea-5
Snapone	An-110-rt-2l1w An-110-rt-2l1w-wifi An-310-rt-4l2w Orvc Ovrc-300-pro Pakedge Rk-1 Pakedge Rt-3100 Pakedge Wr-1

Configuration 1 [-]

AND

cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*

OR	cpe:2.3:h:control4:ca-1:-:::::::*
	cpe:2.3:h:control4:ca-10:-:::::::*
	cpe:2.3:h:control4:ea-1:-:::::::*
	cpe:2.3:h:control4:ea-3:-:::::::*
	cpe:2.3:h:control4:ea-5:-:::::::*
	cpe:2.3:h:snapone:an-110-rt-2l1w:-:::::::*
	cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:::::::*
	cpe:2.3:h:snapone:an-310-rt-4l2w:-:::::::*
	cpe:2.3:h:snapone:ovrc-300-pro:-:::::::*
	cpe:2.3:h:snapone:pakedge_rk-1:-:::::::*
	cpe:2.3:h:snapone:pakedge_rt-3100:-:::::::*
	cpe:2.3:h:snapone:pakedge_wr-1:-:::::::*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-05-22T19:26:22.401Z

Updated: 2024-08-02T14:53:30.880Z

Reserved: 2023-04-26T19:18:23.286Z

Link: CVE-2023-31241

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-22T20:15:10.720

Modified: 2023-05-31T14:59:11.060

Link: CVE-2023-31241

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31241", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-04-26T19:18:23.286Z", "datePublished": "2023-05-22T19:26:22.401Z", "dateUpdated": "2024-08-02T14:53:30.880Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OvrC Cloud", "vendor": "Snap One", "versions": [{"lessThan": "7.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Uri Katz of Claroty reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p></p>\n\n<p>Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.</p><br>\n\n<br>\n\n<p></p>"}], "value": "\n\n\n\n\nSnap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.\n\n\n\n\n\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control ", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-05-22T19:26:22.401Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Snap One has released the following updates/fixes for the affected products:</p><ul><li>OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.</li><li>OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.</li><li>Disable UPnP.</li></ul><p>For more information, see Snap One\u2019s <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\">Release Notes</a>.</p>\n\n"}], "value": "\nSnap One has released the following updates/fixes for the affected products:\n\n * OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\n * OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\n * Disable UPnP.\n\n\nFor more information, see Snap One\u2019s Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf .\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:53:30.880Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*", "matchCriteriaId": "415E3C3D-6B2F-4095-B7F1-E3F777E01172", "versionEndExcluding": "7.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:control4:ca-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "910274AB-35AF-428C-84D7-36774DEB59D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ca-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "852189C9-7720-468D-BCE0-28DFC051AEDC", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ea-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C61FA2AE-A962-4D60-BBCF-751FDB5215B9", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ea-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6310809-0890-4113-837C-0074706B4E6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ea-5:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7ADAAF7-9B0B-4002-8158-FC6B0EAB6055", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5B50505-B496-4172-813E-CA174EE2D4DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:*:*:*:*:*:*:*", "matchCriteriaId": "04744281-B935-4272-8582-85C6162881F8", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:an-310-rt-4l2w:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCD83E46-F84F-49F8-9601-ABC03292E0F6", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5B44DFB-CC8D-4342-907B-D34F9EAB5CEB", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:pakedge_rk-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2982D38-80BF-4041-9F59-D26C152D24D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:pakedge_rt-3100:-:*:*:*:*:*:*:*", "matchCriteriaId": "061055F0-D742-4227-ADC2-1793979F9463", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:pakedge_wr-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF7BD251-BB2F-4C49-8B1E-8EB26580DFDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\n\n\nSnap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.\n\n\n\n\n\n\n\n\n\n"}], "id": "CVE-2023-31241", "lastModified": "2023-05-31T14:59:11.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-05-22T20:15:10.720", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}