OS Command Injection in FURUNO SYSTEMS products - CVE-2023-39222

 

Published: October 3, 2023


Vulnerability identifier: #VU81409
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-39222
CWE-ID: CWE-78
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: FURUNO SYSTEMS
Affected software:
ACERA 1210
ACERA 1150i
ACERA 1150w
ACERA 1110
ACERA 1020
ACERA 1010
ACERA 950
ACERA 850F
ACERA 900
ACERA 850M
ACERA 810
ACERA 800ST
ACERA 1320
ACERA 1310

Detailed vulnerability description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


How to mitigate CVE-2023-39222

Install updates from the vendor's website.
