Multiple vulnerabilities in NEC Corporation EXPRESSCLUSTER X and EXPRESSCLUSTER SingleServerSafe
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2023-39544 CVE-2023-39545 CVE-2023-39546 CVE-2023-39547 CVE-2023-39548 |
| CWE-ID | CWE-862 CWE-552 CWE-836 CWE-294 CWE-434 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
EXPRESSCLUSTER X Other software / Other software solutions EXPRESSCLUSTER X SingleServerSafe Other software / Other software solutions |
| Vendor | NEC Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Missing Authorization
EUVDB-ID: #VU83323
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39544
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to missing authorization. A remote user can execute arbitrary commands on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEXPRESSCLUSTER X: 1.0 - 5.1
EXPRESSCLUSTER X SingleServerSafe: 1.0 - 5.1
External linkshttp://jpn.nec.com/security-info/secinfo/nv23-009_en.html
http://jvn.jp/en/vu/JVNVU98954968/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Files or Directories Accessible to External Parties
EUVDB-ID: #VU83324
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39545
CWE-ID:
CWE-552 - Files or Directories Accessible to External Parties
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to files or directories accessible to external parties. A local user can obtain files containing credentials via HTTP API.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEXPRESSCLUSTER X: 1.0 - 5.1
EXPRESSCLUSTER X SingleServerSafe: 1.0 - 5.1
External linkshttp://jpn.nec.com/security-info/secinfo/nv23-009_en.html
http://jvn.jp/en/vu/JVNVU98954968/index.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of Password Hash Instead of Password for Authentication
EUVDB-ID: #VU83325
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39546
CWE-ID:
CWE-836 - Use of Password Hash Instead of Password for Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of password hash instead of password for authentication. A remote attacker can perform a Pass The Hash attack and atempt to log in to the product's WebUI as an administrator.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEXPRESSCLUSTER X: 1.0 - 5.1
EXPRESSCLUSTER X SingleServerSafe: 1.0 - 5.1
External linkshttp://jpn.nec.com/security-info/secinfo/nv23-009_en.html
http://jvn.jp/en/vu/JVNVU98954968/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Authentication Bypass by Capture-replay
EUVDB-ID: #VU83326
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39547
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can gain access to sensitive information such as configuration files.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEXPRESSCLUSTER X: 1.0 - 5.1
EXPRESSCLUSTER X SingleServerSafe: 1.0 - 5.1
External linkshttp://jpn.nec.com/security-info/secinfo/nv23-009_en.html
http://jvn.jp/en/vu/JVNVU98954968/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Arbitrary file upload
EUVDB-ID: #VU83328
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39548
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEXPRESSCLUSTER X: 1.0 - 5.1
EXPRESSCLUSTER X SingleServerSafe: 1.0 - 5.1
External linkshttp://jpn.nec.com/security-info/secinfo/nv23-009_en.html
http://jvn.jp/en/vu/JVNVU98954968/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
