Permissions, Privileges, and Access Controls in SR-7100VN and SR-7100VN #31 - CVE-2023-28390
Published: May 10, 2023
Vulnerability identifier: #VU75961
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-28390
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Icom Organization (Bordyzhan Sergey)
Affected software:
SR-7100VN
SR-7100VN #31
SR-7100VN
SR-7100VN #31
Detailed vulnerability description
The vulnerability allows a remote administrator on the local network to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
How to mitigate CVE-2023-28390
Install updates from vendor's website.