Lucene search

[email protected]CVE-2024-3141

HistoryApr 01, 2024 - 11:15 p.m.

CVE-2024-3141

2024-04-0123:15:10

CWE-79

[email protected]

web.nvd.nist.gov

clavister e10

clavister e80

remote attackers

cross site scripting

misc settings page

disclosed vulnerability

3.3 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

2.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

A vulnerability has been found in Clavister E10 and E80 up to 14.00.10 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258916.

Affected configurations

Vulners

Node

clavisterclavister_firewallMatch14.00.0

clavisterclavister_firewallMatch14.00.1

clavisterclavister_firewallMatch14.00.2

clavisterclavister_firewallMatch14.00.3

clavisterclavister_firewallMatch14.00.4

clavisterclavister_firewallMatch14.00.5

clavisterclavister_firewallMatch14.00.6

clavisterclavister_firewallMatch14.00.7

clavisterclavister_firewallMatch14.00.8

clavisterclavister_firewallMatch14.00.9

clavisterclavister_firewallMatch14.00.10

clavisterclavister_firewallMatch14.00.0

clavisterclavister_firewallMatch14.00.1

clavisterclavister_firewallMatch14.00.2

clavisterclavister_firewallMatch14.00.3

clavisterclavister_firewallMatch14.00.4

clavisterclavister_firewallMatch14.00.5

clavisterclavister_firewallMatch14.00.6

clavisterclavister_firewallMatch14.00.7

clavisterclavister_firewallMatch14.00.8

clavisterclavister_firewallMatch14.00.9

clavisterclavister_firewallMatch14.00.10

VendorProductVersionCPE
clavisterclavister_firewall14.00.0cpe:2.3:o:clavister:clavister_firewall:14.00.0:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.1cpe:2.3:o:clavister:clavister_firewall:14.00.1:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.2cpe:2.3:o:clavister:clavister_firewall:14.00.2:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.3cpe:2.3:o:clavister:clavister_firewall:14.00.3:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.4cpe:2.3:o:clavister:clavister_firewall:14.00.4:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.5cpe:2.3:o:clavister:clavister_firewall:14.00.5:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.6cpe:2.3:o:clavister:clavister_firewall:14.00.6:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.7cpe:2.3:o:clavister:clavister_firewall:14.00.7:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.8cpe:2.3:o:clavister:clavister_firewall:14.00.8:*:*:*:*:*:*:*
clavisterclavister_firewall14.00.9cpe:2.3:o:clavister:clavister_firewall:14.00.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
clavister	clavister_firewall	14.00.0	cpe:2.3:o:clavister:clavister_firewall:14.00.0:::::::*
clavister	clavister_firewall	14.00.1	cpe:2.3:o:clavister:clavister_firewall:14.00.1:::::::*
clavister	clavister_firewall	14.00.2	cpe:2.3:o:clavister:clavister_firewall:14.00.2:::::::*
clavister	clavister_firewall	14.00.3	cpe:2.3:o:clavister:clavister_firewall:14.00.3:::::::*
clavister	clavister_firewall	14.00.4	cpe:2.3:o:clavister:clavister_firewall:14.00.4:::::::*
clavister	clavister_firewall	14.00.5	cpe:2.3:o:clavister:clavister_firewall:14.00.5:::::::*
clavister	clavister_firewall	14.00.6	cpe:2.3:o:clavister:clavister_firewall:14.00.6:::::::*
clavister	clavister_firewall	14.00.7	cpe:2.3:o:clavister:clavister_firewall:14.00.7:::::::*
clavister	clavister_firewall	14.00.8	cpe:2.3:o:clavister:clavister_firewall:14.00.8:::::::*
clavister	clavister_firewall	14.00.9	cpe:2.3:o:clavister:clavister_firewall:14.00.9:::::::*

Rows per page:

1-10 of 221

CNA Affected

[
  {
    "vendor": "Clavister",
    "product": "E10",
    "versions": [
      {
        "version": "14.00.0",
        "status": "affected"
      },
      {
        "version": "14.00.1",
        "status": "affected"
      },
      {
        "version": "14.00.2",
        "status": "affected"
      },
      {
        "version": "14.00.3",
        "status": "affected"
      },
      {
        "version": "14.00.4",
        "status": "affected"
      },
      {
        "version": "14.00.5",
        "status": "affected"
      },
      {
        "version": "14.00.6",
        "status": "affected"
      },
      {
        "version": "14.00.7",
        "status": "affected"
      },
      {
        "version": "14.00.8",
        "status": "affected"
      },
      {
        "version": "14.00.9",
        "status": "affected"
      },
      {
        "version": "14.00.10",
        "status": "affected"
      }
    ],
    "modules": [
      "Misc Settings Page"
    ]
  },
  {
    "vendor": "Clavister",
    "product": "E80",
    "versions": [
      {
        "version": "14.00.0",
        "status": "affected"
      },
      {
        "version": "14.00.1",
        "status": "affected"
      },
      {
        "version": "14.00.2",
        "status": "affected"
      },
      {
        "version": "14.00.3",
        "status": "affected"
      },
      {
        "version": "14.00.4",
        "status": "affected"
      },
      {
        "version": "14.00.5",
        "status": "affected"
      },
      {
        "version": "14.00.6",
        "status": "affected"
      },
      {
        "version": "14.00.7",
        "status": "affected"
      },
      {
        "version": "14.00.8",
        "status": "affected"
      },
      {
        "version": "14.00.9",
        "status": "affected"
      },
      {
        "version": "14.00.10",
        "status": "affected"
      }
    ],
    "modules": [
      "Misc Settings Page"
    ]
  }
]

References

docs.clavister.com/repo/cos-core-release-notes/doc/index.html#d0e2260

github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md

my.clavister.com/downloads/?sid=1

vuldb.com/?ctiid.258916

vuldb.com/?id.258916

vuldb.com/?submit.303451

3.3 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

2.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for CVE-2024-3141

cvelist1 nvd1