History: Jul 06, 2023 - 2:53 p.m.

CVE-2023-23907

2023-07-06 14:53:32
CWE-22
talos
www.cve.org
cve-2023-23907
server.js start
arbitrary file read
network request
security vulnerability

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 41.0%

A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Milesight",
    "product": "MilesightVPN",
    "versions": [
      {
        "version": "v2.0.2",
        "status": "affected"
      }
    ]
  }
]
