#VU80009 OS Command Injection in CBC Group products - CVE-2023-40144

 


Published: August 25, 2023


Vulnerability identifier: #VU80009
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-40144
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
NR4H
NR8H
NR16H
DR-16F
DR-8F
DR-4F
DR-16H
DR-8H
DR-4H
DR-4M41
NR-4M
NR-8M
NR-16M
NR-4F
NR-8F
NR-16F
DR-16M
DR-8M
DR-4M51
Software vendor:
CBC Group

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.

External links