Permissions, Privileges, and Access Controls in SR-7100VN and SR-7100VN #31 - CVE-2023-28390

 

Permissions, Privileges, and Access Controls in SR-7100VN and SR-7100VN #31 - CVE-2023-28390

Published: May 10, 2023


Vulnerability identifier: #VU75961
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-28390
CWE-ID: CWE-264
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Icom Organization (Bordyzhan Sergey)
Affected software:
SR-7100VN
SR-7100VN #31

Detailed vulnerability description

The vulnerability allows a remote administrator on the local network to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


How to mitigate CVE-2023-28390

Install updates from vendor's website.

Sources