CVE-2023-31245 - OpenCVE

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Control4	Ca-1 Ca-10 Ea-1 Ea-3 Ea-5
Snapone	An-110-rt-2l1w An-110-rt-2l1w-wifi An-310-rt-4l2w Orvc Ovrc-300-pro Pakedge Rk-1 Pakedge Rt-3100 Pakedge Wr-1

Configuration 1 [-]

AND

cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*

OR	cpe:2.3:h:control4:ca-1:-:::::::*
	cpe:2.3:h:control4:ca-10:-:::::::*
	cpe:2.3:h:control4:ea-1:-:::::::*
	cpe:2.3:h:control4:ea-3:-:::::::*
	cpe:2.3:h:control4:ea-5:-:::::::*
	cpe:2.3:h:snapone:an-110-rt-2l1w:-:::::::*
	cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:::::::*
	cpe:2.3:h:snapone:an-310-rt-4l2w:-:::::::*
	cpe:2.3:h:snapone:ovrc-300-pro:-:::::::*
	cpe:2.3:h:snapone:pakedge_rk-1:-:::::::*
	cpe:2.3:h:snapone:pakedge_rt-3100:-:::::::*
	cpe:2.3:h:snapone:pakedge_wr-1:-:::::::*

No data.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-05-22T19:37:10.365Z

Updated: 2024-08-02T14:53:30.667Z

Reserved: 2023-04-26T19:18:23.299Z

Link: CVE-2023-31245

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-22T20:15:10.807

Modified: 2023-05-31T15:23:25.923

Link: CVE-2023-31245

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31245", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-04-26T19:18:23.299Z", "datePublished": "2023-05-22T19:37:10.365Z", "dateUpdated": "2024-08-02T14:53:30.667Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OvrC Cloud", "vendor": "Snap One", "versions": [{"lessThan": "7.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Uri Katz of Claroty reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p></p>\n\n<p></p>\n\n<p></p>\n\n<p></p>\n\n<p>\n\n</p><p>\n\n</p><p>Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device\u2019s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.</p>\n\n<p></p>\n\n<p></p>\n\n<p></p>"}], "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nDevices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device\u2019s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 Open Redirect", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-05-22T19:37:10.365Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01"}, {"url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>Snap One has released the following updates/fixes for the affected products:</p><ul><li>OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.</li><li>OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.</li><li>Disable UPnP.</li></ul><p>For more information, see Snap One\u2019s <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\">Release Notes</a>.</p>\n\n"}], "value": "\nSnap One has released the following updates/fixes for the affected products:\n\n * OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\n * OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\n * Disable UPnP.\n\n\nFor more information, see Snap One\u2019s Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf .\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:53:30.667Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01", "tags": ["x_transferred"]}, {"url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*", "matchCriteriaId": "415E3C3D-6B2F-4095-B7F1-E3F777E01172", "versionEndExcluding": "7.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:control4:ca-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "910274AB-35AF-428C-84D7-36774DEB59D8", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ca-10:-:*:*:*:*:*:*:*", "matchCriteriaId": "852189C9-7720-468D-BCE0-28DFC051AEDC", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ea-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C61FA2AE-A962-4D60-BBCF-751FDB5215B9", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ea-3:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6310809-0890-4113-837C-0074706B4E6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:control4:ea-5:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7ADAAF7-9B0B-4002-8158-FC6B0EAB6055", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5B50505-B496-4172-813E-CA174EE2D4DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:*:*:*:*:*:*:*", "matchCriteriaId": "04744281-B935-4272-8582-85C6162881F8", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:an-310-rt-4l2w:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCD83E46-F84F-49F8-9601-ABC03292E0F6", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5B44DFB-CC8D-4342-907B-D34F9EAB5CEB", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:pakedge_rk-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2982D38-80BF-4041-9F59-D26C152D24D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:pakedge_rt-3100:-:*:*:*:*:*:*:*", "matchCriteriaId": "061055F0-D742-4227-ADC2-1793979F9463", "vulnerable": false}, {"criteria": "cpe:2.3:h:snapone:pakedge_wr-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF7BD251-BB2F-4C49-8B1E-8EB26580DFDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nDevices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device\u2019s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"}], "id": "CVE-2023-31245", "lastModified": "2023-05-31T15:23:25.923", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-05-22T20:15:10.807", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Release Notes"], "url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}