#VU81409 OS Command Injection in FURUNO SYSTEMS products - CVE-2023-39222

 


Published: October 3, 2023


Vulnerability identifier: #VU81409
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-39222
CWE-ID: CWE-78
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
ACERA 1210
ACERA 1150i
ACERA 1150w
ACERA 1110
ACERA 1020
ACERA 1010
ACERA 950
ACERA 850F
ACERA 900
ACERA 850M
ACERA 810
ACERA 800ST
ACERA 1320
ACERA 1310
Software vendor:
FURUNO SYSTEMS

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
