CVE-2023-35906 - Vulnerability Details - OpenCVE

IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ibm	Aspera Faspex
Linux	Linux Kernel

Configuration 1 [-]

AND

cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/259649
https://www.ibm.com/support/pages/node/7029681

History

Fri, 27 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:ibm:aspera_faspex:-:::::::*
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 20 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-348

Fri, 20 Sep 2024 17:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-291

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2023-09-05T00:52:09.861Z

Updated: 2024-09-27T13:53:24.680Z

Reserved: 2023-06-20T02:24:31.594Z

Link: CVE-2023-35906

Vulnrichment

Updated: 2024-08-02T16:37:41.207Z

NVD

Status : Modified

Published: 2023-09-05T01:15:07.920

Modified: 2024-11-21T08:08:57.530

Link: CVE-2023-35906

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35906", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-06-20T02:24:31.594Z", "datePublished": "2023-09-05T00:52:09.861Z", "dateUpdated": "2024-09-27T13:53:24.680Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Aspera Faspex", "vendor": "IBM", "versions": [{"status": "affected", "version": "5.0.5"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649."}], "value": "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-291", "description": "CWE-291 Reliance on IP Address for Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-09-20T17:28:01.531Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7029681"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Aspera Faspex security bypass", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:41.207Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7029681"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649"}]}, {"affected": [{"vendor": "ibm", "product": "aspera_faspex", "cpes": ["cpe:2.3:a:ibm:aspera_faspex:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "5.0.5", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T13:52:40.253509Z", "id": "CVE-2023-35906", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T13:53:24.680Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7029681", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:41.207Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35906", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-27T13:52:40.253509Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_faspex:-:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "aspera_faspex", "versions": [{"status": "affected", "version": "5.0.5"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T13:53:19.768Z"}}], "cna": {"title": "IBM Aspera Faspex security bypass", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Aspera Faspex", "versions": [{"status": "affected", "version": "5.0.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7029681", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.", "supportingMedia": [{"type": "text/html", "value": "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-291", "description": "CWE-291 Reliance on IP Address for Authentication"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-09-20T17:28:01.531Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35906", "state": "PUBLISHED", "dateUpdated": "2024-09-27T13:53:24.680Z", "dateReserved": "2023-06-20T02:24:31.594Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2023-09-05T00:52:09.861Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", "matchCriteriaId": "E98E1987-F57F-48E0-B65E-3EA019915989", "versionEndIncluding": "5.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649."}, {"lang": "es", "value": "IBM Aspera Faspex v5.0.5 podr\u00eda permitir a un atacante remoto saltarse las restricciones de IP debido a controles de acceso inadecuados. ID de IBM X-Force: 259649. "}], "id": "CVE-2023-35906", "lastModified": "2024-11-21T08:08:57.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-05T01:15:07.920", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7029681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259649"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7029681"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-291"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Secondary"}]}