Lucene search
MitreCVE-2023-36650HistoryDec 12, 2023 - 1:15 a.m.
CVE-2023-36650
2023-12-1201:15:10
CWE-354
mitre
web.nvd.nist.gov
10
cve-2023-36650
prolion cryptospike
integrity check
update system
remote code execution
nvd
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
19.3%
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
Affected configurations
Node
prolioncryptospikeMatch3.0.15p2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| prolion | cryptospike | 3.0.15 | cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:* |
References
Related
cvelist
cvelist
CVE-2023-36650
2023-12-12 00:00:00
prion
prion
Input validation
2023-12-12 01:15:00
nvd
nvd
CVE-2023-36650
2023-12-12 01:15:10
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
19.3%
Related for CVE-2023-36650