Lucene search

NECCVE-2023-39545

HistoryNov 17, 2023 - 6:15 a.m.

CVE-2023-39545

2023-11-1706:15:33

CWE-552

NEC

web.nvd.nist.gov

cve

2023

39545

attacker

arbitrary command

clusterpro x

expresscluster x

singleserversafe

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Affected configurations

Nvd

Node

necexpresscluster_xMatch1.0linux

necexpresscluster_xMatch1.0windows

necexpresscluster_xMatch2.0linux

necexpresscluster_xMatch2.0windows

necexpresscluster_xMatch2.1linux

necexpresscluster_xMatch2.1windows

necexpresscluster_xMatch3.0linux

necexpresscluster_xMatch3.0windows

necexpresscluster_xMatch3.1linux

necexpresscluster_xMatch3.1windows

necexpresscluster_xMatch3.2linux

necexpresscluster_xMatch3.2windows

necexpresscluster_xMatch3.3linux

necexpresscluster_xMatch3.3windows

necexpresscluster_xMatch4.0linux

necexpresscluster_xMatch4.0windows

necexpresscluster_xMatch4.1linux

necexpresscluster_xMatch4.1windows

necexpresscluster_xMatch4.2linux

necexpresscluster_xMatch4.2windows

necexpresscluster_xMatch4.3linux

necexpresscluster_xMatch4.3windows

necexpresscluster_xMatch5.0linux

necexpresscluster_xMatch5.0windows

necexpresscluster_xMatch5.1linux

necexpresscluster_xMatch5.1windows

necexpresscluster_x_singleserversafeMatch1.0linux

necexpresscluster_x_singleserversafeMatch1.0windows

necexpresscluster_x_singleserversafeMatch2.0linux

necexpresscluster_x_singleserversafeMatch2.0windows

necexpresscluster_x_singleserversafeMatch2.1linux

necexpresscluster_x_singleserversafeMatch2.1windows

necexpresscluster_x_singleserversafeMatch3.0linux

necexpresscluster_x_singleserversafeMatch3.0windows

necexpresscluster_x_singleserversafeMatch3.1linux

necexpresscluster_x_singleserversafeMatch3.1windows

necexpresscluster_x_singleserversafeMatch3.2linux

necexpresscluster_x_singleserversafeMatch3.2windows

necexpresscluster_x_singleserversafeMatch3.3linux

necexpresscluster_x_singleserversafeMatch3.3windows

necexpresscluster_x_singleserversafeMatch4.0linux

necexpresscluster_x_singleserversafeMatch4.0windows

necexpresscluster_x_singleserversafeMatch4.1linux

necexpresscluster_x_singleserversafeMatch4.1windows

necexpresscluster_x_singleserversafeMatch4.2linux

necexpresscluster_x_singleserversafeMatch4.2windows

necexpresscluster_x_singleserversafeMatch4.3linux

necexpresscluster_x_singleserversafeMatch4.3windows

necexpresscluster_x_singleserversafeMatch5.0linux

necexpresscluster_x_singleserversafeMatch5.0windows

necexpresscluster_x_singleserversafeMatch5.1linux

necexpresscluster_x_singleserversafeMatch5.1windows

VendorProductVersionCPE
necexpresscluster_x1.0cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*
necexpresscluster_x1.0cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*
necexpresscluster_x2.0cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*
necexpresscluster_x2.0cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*
necexpresscluster_x2.1cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*
necexpresscluster_x2.1cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*
necexpresscluster_x3.0cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*
necexpresscluster_x3.0cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*
necexpresscluster_x3.1cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*
necexpresscluster_x3.1cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
nec	expresscluster_x	1.0	cpe:2.3:a:nec:expresscluster_x:1.0:::::linux::
nec	expresscluster_x	1.0	cpe:2.3:a:nec:expresscluster_x:1.0:::::windows::
nec	expresscluster_x	2.0	cpe:2.3:a:nec:expresscluster_x:2.0:::::linux::
nec	expresscluster_x	2.0	cpe:2.3:a:nec:expresscluster_x:2.0:::::windows::
nec	expresscluster_x	2.1	cpe:2.3:a:nec:expresscluster_x:2.1:::::linux::
nec	expresscluster_x	2.1	cpe:2.3:a:nec:expresscluster_x:2.1:::::windows::
nec	expresscluster_x	3.0	cpe:2.3:a:nec:expresscluster_x:3.0:::::linux::
nec	expresscluster_x	3.0	cpe:2.3:a:nec:expresscluster_x:3.0:::::windows::
nec	expresscluster_x	3.1	cpe:2.3:a:nec:expresscluster_x:3.1:::::linux::
nec	expresscluster_x	3.1	cpe:2.3:a:nec:expresscluster_x:3.1:::::windows::

Rows per page:

1-10 of 521

CNA Affected

[
  {
    "product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
    "vendor": "NEC Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
      }
    ]
  },
  {
    "product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
    "vendor": "NEC Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
      }
    ]
  }
]

References

jpn.nec.com/security-info/secinfo/nv23-009_en.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

Related for CVE-2023-39545