CVE-2023-41349 - Vulnerability Details - OpenCVE

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00311.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Asus	Rt-ax88u Rt-ax88u Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-45852	ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

Fixes

Solution

Update the version to 3.0.0.4_388_23748 or later.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html

History

Wed, 25 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-09-18T02:36:30.234Z

Updated: 2024-09-25T15:39:19.468Z

Reserved: 2023-08-29T00:11:47.812Z

Link: CVE-2023-41349

Vulnrichment

Updated: 2024-08-02T19:01:34.257Z

NVD

Status : Modified

Published: 2023-09-18T03:15:08.113

Modified: 2024-11-21T08:21:07.613

Link: CVE-2023-41349

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41349", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-08-29T00:11:47.812Z", "datePublished": "2023-09-18T02:36:30.234Z", "dateUpdated": "2024-09-25T15:39:19.468Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RT-AX88U", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4_388_23748", "status": "affected", "version": " ", "versionType": "custom"}]}], "datePublic": "2023-09-18T02:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack,</span><span style=\"background-color: rgb(255, 255, 255);\"> resulting</span> in sensitivity information leakage<span style=\"background-color: rgb(255, 255, 255);\">, or forcing the device to reset and permanent denial of service.</span>\n\n"}], "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n"}], "impacts": [{"capecId": "CAPEC-135", "descriptions": [{"lang": "en", "value": "CAPEC-135 Format String Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-09-18T02:36:30.234Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the version to <span style=\"background-color: rgb(255, 255, 255);\">3.0.0.4_388_23748 or later.</span>"}], "value": "Update the version to\u00a03.0.0.4_388_23748 or later."}], "source": {"advisory": "TVN-202309010", "discovery": "EXTERNAL"}, "title": "ASUS RT-AX88U - externally-controlled format string", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:34.257Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "asus", "product": "rt-ax88u", "cpes": ["cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "3.0.0.4_388_23748", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T15:36:46.125305Z", "id": "CVE-2023-41349", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:39:19.468Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:34.257Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41349", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-25T15:36:46.125305Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*"], "vendor": "asus", "product": "rt-ax88u", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0.0.4_388_23748", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:37:53.518Z"}}], "cna": {"title": "ASUS RT-AX88U - externally-controlled format string", "source": {"advisory": "TVN-202309010", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-135", "descriptions": [{"lang": "en", "value": "CAPEC-135 Format String Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ASUS", "product": "RT-AX88U", "versions": [{"status": "affected", "version": " ", "lessThan": "3.0.0.4_388_23748", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the version to\u00a03.0.0.4_388_23748 or later.", "supportingMedia": [{"type": "text/html", "value": "Update the version to <span style=\"background-color: rgb(255, 255, 255);\">3.0.0.4_388_23748 or later.</span>", "base64": false}]}], "datePublic": "2023-09-18T02:36:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack,</span><span style=\"background-color: rgb(255, 255, 255);\"> resulting</span> in sensitivity information leakage<span style=\"background-color: rgb(255, 255, 255);\">, or forcing the device to reset and permanent denial of service.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-09-18T02:36:30.234Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41349", "state": "PUBLISHED", "dateUpdated": "2024-09-25T15:39:19.468Z", "dateReserved": "2023-08-29T00:11:47.812Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2023-09-18T02:36:30.234Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "478237D3-96B5-45FA-8953-006AA06B5AE8", "versionEndExcluding": "3.0.0.4.388.23748", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n"}, {"lang": "es", "value": "El router ASUS RT-AX88U tiene una vulnerabilidad de uso de cadenas de formato controlables externamente dentro de su funci\u00f3n Advanced Open VPN. Un atacante remoto autenticado puede aprovechar la configuraci\u00f3n de OpenVPN exportada para ejecutar un ataque de cadena de formato controlado externamente, lo que resulta en una fuga de informaci\u00f3n sensible o obliga al dispositivo a reiniciarse y a la denegaci\u00f3n de servicio permanente. "}], "id": "CVE-2023-41349", "lastModified": "2024-11-21T08:21:07.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2023-09-18T03:15:08.113", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}