Description
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.
Published: 2026-03-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Arbitrary File Write
Action: Immediate Patch
AI Analysis

Impact

Angeet ES3 KVM contains a flaw that allows a remote, unauthenticated attacker to write arbitrary files on the system, including configuration files or system binaries. The description states that modified configuration files or system binaries could enable a complete takeover of the affected system. This represents an Authentication Bypass vulnerability (CWE‑306) that can lead to confidentiality, integrity, and availability compromise through remote code execution.

Affected Systems

The vulnerable product is Angeet ES3 KVM. No specific version information is listed in the data, so all released versions of this product may potentially be affected until an official update is issued.

Risk and Exploitability

The CVSS score of 9.3 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the KEV catalog. The likely attack vector is remote over the network to the KVM interface; however, the exact prerequisites are not detailed, so this inference is based on the fact that the attack is described as remote and unauthenticated.

Generated by OpenCVE AI on March 17, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch for Angeet ES3 KVM as soon as it becomes available.
  • If a patch is not yet available, restrict network access to the KVM management interface using firewall rules or VLAN segmentation.
  • Monitor system logs for unexpected file creation or modification events, especially in configuration or binary directories.

Generated by OpenCVE AI on March 17, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Angeet es3 Kvm Firmware
CPEs cpe:2.3:h:angeet:es3_kvm:*:*:*:*:*:*:*:*
cpe:2.3:o:angeet:es3_kvm_firmware:-:*:*:*:*:*:*:*
Vendors & Products Angeet es3 Kvm Firmware

Wed, 18 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Angeet
Angeet es3 Kvm
Vendors & Products Angeet
Angeet es3 Kvm

Tue, 17 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.
Title Angeet ES3 KVM unauthenticated arbitrary file write
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Angeet Es3 Kvm Es3 Kvm Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: cisa-cg

Published:

Updated: 2026-03-17T18:09:55.887Z

Reserved: 2026-03-11T18:26:59.578Z

Link: CVE-2026-32297

cve-icon Vulnrichment

Updated: 2026-03-17T18:09:53.551Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-17T18:16:17.137

Modified: 2026-04-27T16:58:00.927

Link: CVE-2026-32297

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:49:01Z

Weaknesses