Lucene search

[email protected]NVD:CVE-2023-32615

HistorySep 05, 2023 - 5:15 p.m.

CVE-2023-32615

2023-09-0517:15:08

CWE-610

CWE-73

[email protected]

web.nvd.nist.gov

file write vulnerability

oas engine

configuration functionality

open automation software

arbitrary file creation

arbitrary file overwrite

network requests

attacker

sequence of requests

trigger vulnerability

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.

Affected configurations

Nvd

Node

openautomationsoftwareoas_platformMatch18.00.0072

VendorProductVersionCPE
openautomationsoftwareoas_platform18.00.0072cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openautomationsoftware	oas_platform	18.00.0072	cpe:2.3:a:openautomationsoftware:oas_platform:18.00.0072:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1771

www.talosintelligence.com/vulnerability_reports/TALOS-2023-1771

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Related for NVD:CVE-2023-32615

cve1 prion1 cvelist1 talos1 vulnrichment1 talosblog2