Lucene search

[email protected]CVE-2023-45498

HistoryOct 27, 2023 - 4:15 a.m.

CVE-2023-45498

2023-10-2704:15:10

CWE-77

[email protected]

web.nvd.nist.gov

vinchin

backup & recovery

cve-2023-45498

nvd

security vulnerability

command injection

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.5%

JSON

VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability.

Affected configurations

NVD

Node

vinchinvinchin_backup_and_recoveryRange5.0–7.0

CPENameOperatorVersion
vinchin:vinchin_backup_and_recoveryvinchin vinchin backup and recoveryle7.0

CPE	Name	Operator	Version
vinchin:vinchin_backup_and_recovery	vinchin vinchin backup and recovery	le	7.0

References

packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html

packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html

seclists.org/fulldisclosure/2023/Oct/31

blog.leakix.net/2023/10/vinchin-backup-rce-chain/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.5%

JSON

Related for CVE-2023-45498

nvd1 cvelist1 prion1 zdt1 packetstorm1 rapid7blog1