CVE-2023-41349 - OpenCVE

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Asus	Rt-ax88u Rt-ax88u Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2023-09-18T02:36:30.234Z

Updated: 2024-08-02T19:01:34.257Z

Reserved: 2023-08-29T00:11:47.812Z

Link: CVE-2023-41349

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-18T03:15:08.113

Modified: 2023-09-19T21:23:04.903

Link: CVE-2023-41349

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41349", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2023-08-29T00:11:47.812Z", "datePublished": "2023-09-18T02:36:30.234Z", "dateUpdated": "2024-08-02T19:01:34.257Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RT-AX88U", "vendor": "ASUS", "versions": [{"lessThan": "3.0.0.4_388_23748", "status": "affected", "version": " ", "versionType": "custom"}]}], "datePublic": "2023-09-18T02:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack,</span><span style=\"background-color: rgb(255, 255, 255);\"> resulting</span> in sensitivity information leakage<span style=\"background-color: rgb(255, 255, 255);\">, or forcing the device to reset and permanent denial of service.</span>\n\n"}], "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n"}], "impacts": [{"capecId": "CAPEC-135", "descriptions": [{"lang": "en", "value": "CAPEC-135 Format String Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-09-18T02:36:30.234Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the version to <span style=\"background-color: rgb(255, 255, 255);\">3.0.0.4_388_23748 or later.</span>"}], "value": "Update the version to\u00a03.0.0.4_388_23748 or later."}], "source": {"advisory": "TVN-202309010", "discovery": "EXTERNAL"}, "title": "ASUS RT-AX88U - externally-controlled format string", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:34.257Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "478237D3-96B5-45FA-8953-006AA06B5AE8", "versionEndExcluding": "3.0.0.4.388.23748", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n"}, {"lang": "es", "value": "El router ASUS RT-AX88U tiene una vulnerabilidad de uso de cadenas de formato controlables externamente dentro de su funci\u00f3n Advanced Open VPN. Un atacante remoto autenticado puede aprovechar la configuraci\u00f3n de OpenVPN exportada para ejecutar un ataque de cadena de formato controlado externamente, lo que resulta en una fuga de informaci\u00f3n sensible o obliga al dispositivo a reiniciarse y a la denegaci\u00f3n de servicio permanente. "}], "id": "CVE-2023-41349", "lastModified": "2023-09-19T21:23:04.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2023-09-18T03:15:08.113", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}