{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38027", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-07-12T00:37:03.717Z", "datePublished": "2023-08-28T03:37:19.941Z", "dateUpdated": "2024-10-14T03:32:16.132Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SpotCam Sense", "vendor": "SPOTCAM CO., LTD.", "versions": [{"status": "affected", "version": "2.2044"}]}], "datePublic": "2023-08-31T01:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.</span>"}], "value": "SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-10-14T03:32:16.132Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update firmware version to \n\n<span style=\"background-color: rgb(255, 255, 255);\">v2.2046</span>\n\n or later.<br>"}], "value": "Update firmware version to \n\nv2.2046\n\n or later."}], "source": {"advisory": "TVN-202308007", "discovery": "EXTERNAL"}, "title": "SpotCam Co., Ltd. SpotCam Sense - Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.968Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "spotcam_co_ltd", "product": "spotcam_sense", "cpes": ["cpe:2.3:a:spotcam_co_ltd:spotcam_sense:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.2044", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T14:15:13.406836Z", "id": "CVE-2023-38027", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:16:40.240Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.968Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38027", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-02T14:15:13.406836Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:spotcam_co_ltd:spotcam_sense:*:*:*:*:*:*:*:*"], "vendor": "spotcam_co_ltd", "product": "spotcam_sense", "versions": [{"status": "affected", "version": "2.2044"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:16:34.798Z"}}], "cna": {"title": "SpotCam Co., Ltd. SpotCam Sense - Command Injection", "source": {"advisory": "TVN-202308007", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SPOTCAM CO., LTD.", "product": "SpotCam Sense", "versions": [{"status": "affected", "version": "2.2044"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update firmware version to \n\nv2.2046\n\n or later.", "supportingMedia": [{"type": "text/html", "value": "Update firmware version to \n\n<span style=\"background-color: rgb(255, 255, 255);\">v2.2046</span>\n\n or later.<br>", "base64": false}]}], "datePublic": "2023-08-31T01:00:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-10-14T03:32:16.132Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38027", "state": "PUBLISHED", "dateUpdated": "2024-10-14T03:32:16.132Z", "dateReserved": "2023-07-12T00:37:03.717Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2023-08-28T03:37:19.941Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:myspotcam:sense_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D84520FA-1323-47CE-BFA2-AA0C593A8C42", "versionEndExcluding": "2.2046", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:myspotcam:sense:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC68B2F8-BEBD-4E0A-8565-715481FB854A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service."}, {"lang": "es", "value": "La funci\u00f3n oculta Telnet de SpotCam Sense de SpotCam Co. Ltd. tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para ejecutar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios del sistema o interrumpir el servicio. "}], "id": "CVE-2023-38027", "lastModified": "2024-11-21T08:12:42.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2023-08-28T04:15:17.160", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7334-351fb-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}