dst-admin 1.5.0 /home/masterConsole command escalada de privilegios

ArtículoHistoryrelatejsonxmlCTI

Una vulnerabilidad fue encontrada en dst-admin 1.5.0 y clasificada como crítica. Una función desconocida del archivo /home/masterConsole es afectada por esta vulnerabilidad. A través de la manipulación del parámetro command de un input desconocido se causa una vulnerabilidad de clase escalada de privilegios. El advisory puede ser descargado de github.com. La vulnerabilidad es identificada como CVE-2023-0648. El ataque se puede efectuar a través de la red. Los detalles técnicos son conocidos. Fue declarado como proof-of-concept. El exploit puede ser descargado de github.com.

4 Cambios · 70 Puntos de datos

Campo	Fecha de creación 2023-02-02 14:34	Update 1/3 2023-02-02 14:36	Update 2/3 2023-03-01 19:40	Update 3/3 2023-03-01 19:47
software_name	dst-admin	dst-admin	dst-admin	dst-admin
software_version	1.5.0	1.5.0	1.5.0	1.5.0
software_file	/home/masterConsole	/home/masterConsole	/home/masterConsole	/home/masterConsole
software_argument	command	command	command	command
vulnerability_cwe	CWE-77 (escalada de privilegios)	CWE-77 (escalada de privilegios)	CWE-77 (escalada de privilegios)	CWE-77 (escalada de privilegios)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
source_cve	CVE-2023-0648	CVE-2023-0648	CVE-2023-0648	CVE-2023-0648
cna_responsible	VulDB	VulDB	VulDB	VulDB
advisory_date	1675292400 (2023-02-02)	1675292400 (2023-02-02)	1675292400 (2023-02-02)	1675292400 (2023-02-02)
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_rl	X	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	6.7
cvss3_meta_tempscore	5.7	5.7	5.7	6.5
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
advisory_url		https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C	https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C	https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C
exploit_url		https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C	https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C	https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C
cve_assigned			1675292400 (2023-02-02)	1675292400 (2023-02-02)
cve_nvd_summary			A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035.	A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035.
cvss3_cna_basescore				6.3
cvss3_nvd_av				N
cvss3_nvd_ac				L
cvss3_nvd_pr				N
cvss3_nvd_ui				N
cvss3_nvd_s				U
cvss3_nvd_c				H
cvss3_nvd_i				N
cvss3_nvd_a				N
cvss2_nvd_av				N
cvss2_nvd_ac				L
cvss2_nvd_au				S
cvss2_nvd_ci				P
cvss2_nvd_ii				P
cvss2_nvd_ai				P
cvss3_cna_av				N
cvss3_cna_ac				L
cvss3_cna_pr				L
cvss3_cna_ui				N
cvss3_cna_s				U
cvss3_cna_c				L
cvss3_cna_i				L
cvss3_cna_a				L
cve_cna				VulDB
cvss2_nvd_basescore				6.5
cvss3_nvd_basescore				7.5

◂ Anterior Visión De Conjunto Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!