CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1127 vulnerabilities reference this CWE, most recent first.
CVE-2023-23436 (GCVE-0-2023-23436)
Vulnerability from cvelistv5 – Published: 2023-12-29 02:12 – Updated: 2024-08-02 10:28- CWE-347 - Improper Verification of Cryptographic Signature
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hihonor.com/global/security/cve-2023-23436/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Magic OS\t",
"vendor": "Honor",
"versions": [
{
"lessThan": "7.1.0.100",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T02:12:01.783Z",
"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"shortName": "Honor"
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23436/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"assignerShortName": "Honor",
"cveId": "CVE-2023-23436",
"datePublished": "2023-12-29T02:12:01.783Z",
"dateReserved": "2023-01-12T04:00:30.136Z",
"dateUpdated": "2024-08-02T10:28:40.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23435 (GCVE-0-2023-23435)
Vulnerability from cvelistv5 – Published: 2023-12-29 02:08 – Updated: 2024-08-02 10:28- CWE-347 - Improper Verification of Cryptographic Signature
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T19:55:26.456077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:55:32.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hihonor.com/global/security/cve-2023-23435/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Magic OS\t",
"vendor": "Honor",
"versions": [
{
"lessThan": "7.1.0.137",
"status": "affected",
"version": "7.1.0.127",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file\u003c/span\u003e\n\n"
}
],
"value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T02:08:26.355Z",
"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"shortName": "Honor"
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23435/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"assignerShortName": "Honor",
"cveId": "CVE-2023-23435",
"datePublished": "2023-12-29T02:08:26.355Z",
"dateReserved": "2023-01-12T04:00:30.136Z",
"dateUpdated": "2024-08-02T10:28:40.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23433 (GCVE-0-2023-23433)
Vulnerability from cvelistv5 – Published: 2023-12-29 01:49 – Updated: 2024-08-02 10:28- CWE-347 - Improper Verification of Cryptographic Signature
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hihonor.com/global/security/cve-2023-23433/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NTH-AN00",
"vendor": "Honor",
"versions": [
{
"lessThan": "7.0.0.157",
"status": "affected",
"version": "7.0.0.138",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-12-30T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\u003c/span\u003e\n\n"
}
],
"value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T01:49:15.081Z",
"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"shortName": "Honor"
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23433/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"assignerShortName": "Honor",
"cveId": "CVE-2023-23433",
"datePublished": "2023-12-29T01:49:15.081Z",
"dateReserved": "2023-01-12T04:00:30.135Z",
"dateUpdated": "2024-08-02T10:28:40.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23432 (GCVE-0-2023-23432)
Vulnerability from cvelistv5 – Published: 2023-12-29 01:20 – Updated: 2024-11-27 15:27- CWE-347 - Improper Verification of Cryptographic Signature
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hihonor.com/global/security/cve-2023-23432/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T19:52:09.435571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:27:00.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NTH-AN00",
"vendor": "Honor",
"versions": [
{
"lessThan": "7.0.0.157",
"status": "affected",
"version": "7.0.0.138",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-12-30T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\u003c/span\u003e\n\n"
}
],
"value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T01:20:05.826Z",
"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"shortName": "Honor"
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23432/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"assignerShortName": "Honor",
"cveId": "CVE-2023-23432",
"datePublished": "2023-12-29T01:20:05.826Z",
"dateReserved": "2023-01-12T04:00:30.135Z",
"dateUpdated": "2024-11-27T15:27:00.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23431 (GCVE-0-2023-23431)
Vulnerability from cvelistv5 – Published: 2023-12-29 01:32 – Updated: 2024-09-09 17:43- CWE-347 - Improper Verification of Cryptographic Signature
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hihonor.com/global/security/cve-2023-23431/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T17:43:37.282419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T17:43:50.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NTH-AN00",
"vendor": "Honor",
"versions": [
{
"lessThan": " 7.0.0.157",
"status": "affected",
"version": " 7.0.0.138",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-12-30T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\u003c/span\u003e\n\n"
}
],
"value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T01:32:38.086Z",
"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"shortName": "Honor"
},
"references": [
{
"url": "https://www.hihonor.com/global/security/cve-2023-23431/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"assignerShortName": "Honor",
"cveId": "CVE-2023-23431",
"datePublished": "2023-12-29T01:32:38.086Z",
"dateReserved": "2023-01-12T04:00:30.135Z",
"dateUpdated": "2024-09-09T17:43:50.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22742 (GCVE-0-2023-22742)
Vulnerability from cvelistv5 – Published: 2023-01-20 22:49 – Updated: 2025-03-10 21:21- CWE-347 - Improper Verification of Cryptographic Signature
| URL | Tags |
|---|---|
| https://github.com/libgit2/libgit2/security/advis… | x_refsource_CONFIRM |
| https://github.com/libgit2/libgit2/commit/42e5db9… | x_refsource_MISC |
| https://github.com/libgit2/libgit2/commit/cd6f679… | x_refsource_MISC |
| https://github.com/libgit2/libgit2/releases/tag/v1.4.5 | x_refsource_MISC |
| https://github.com/libgit2/libgit2/releases/tag/v1.5.1 | x_refsource_MISC |
| https://www.libssh2.org | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2023/11/06/5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq"
},
{
"name": "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56"
},
{
"name": "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v1.4.5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.4.5"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v1.5.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.5.1"
},
{
"name": "https://www.libssh2.org",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.libssh2.org"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/06/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:36.699887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:21:08.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libgit2",
"vendor": "libgit2",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.5"
},
{
"status": "affected",
"version": "= 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the `certificate_check` field of libgit2\u0027s `git_remote_callbacks` structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T00:06:32.714Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq"
},
{
"name": "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56"
},
{
"name": "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v1.4.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.4.5"
},
{
"name": "https://github.com/libgit2/libgit2/releases/tag/v1.5.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.5.1"
},
{
"name": "https://www.libssh2.org",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.libssh2.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/06/5"
}
],
"source": {
"advisory": "GHSA-8643-3wh5-rmjq",
"discovery": "UNKNOWN"
},
"title": "libgit2 fails to verify SSH keys by default"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-22742",
"datePublished": "2023-01-20T22:49:06.378Z",
"dateReserved": "2023-01-06T14:21:05.892Z",
"dateUpdated": "2025-03-10T21:21:08.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20266 (GCVE-0-2023-20266)
Vulnerability from cvelistv5 – Published: 2023-08-30 16:18 – Updated: 2025-07-01 13:45- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Emergency Responder |
Affected:
12.5(1)SU4
Affected: 12.5(1)SU8a Affected: 14SU3 |
|
| Cisco | Cisco Unity Connection |
Affected:
12.5(1)SU6
Affected: 12.5(1)SU7 Affected: 12.5(1)SU8 Affected: 14SU2 Affected: 14SU3 |
|
| Cisco | Cisco Unified Communications Manager |
Affected:
12.5(1)SU8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-priv-esc-D8Bky5eg",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:45:46.201311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:45:58.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Emergency Responder",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "14SU3"
}
]
},
{
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
}
]
},
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)SU8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:35.907Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-priv-esc-D8Bky5eg",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg"
}
],
"source": {
"advisory": "cisco-sa-cucm-priv-esc-D8Bky5eg",
"defects": [
"CSCwh30455",
"CSCwh30442",
"CSCwh29940"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20266",
"datePublished": "2023-08-30T16:18:42.528Z",
"dateReserved": "2022-10-27T18:47:50.373Z",
"dateUpdated": "2025-07-01T13:45:58.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20236 (GCVE-0-2023-20236)
Vulnerability from cvelistv5 – Published: 2023-09-13 16:39 – Updated: 2025-12-16 18:23- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Affected:
5.2.0
Affected: 5.2.1 Affected: 5.2.2 Affected: 5.2.4 Affected: 5.2.3 Affected: 5.2.5 Affected: 5.2.47 Affected: 5.3.0 Affected: 5.3.1 Affected: 5.3.2 Affected: 5.3.3 Affected: 5.3.4 Affected: 6.0.0 Affected: 6.0.1 Affected: 6.0.2 Affected: 6.1.1 Affected: 6.1.2 Affected: 6.1.3 Affected: 6.1.4 Affected: 6.1.12 Affected: 6.1.22 Affected: 6.1.32 Affected: 6.1.36 Affected: 6.1.42 Affected: 6.2.1 Affected: 6.2.2 Affected: 6.2.3 Affected: 6.2.25 Affected: 6.2.11 Affected: 6.3.2 Affected: 6.3.3 Affected: 6.3.15 Affected: 6.4.1 Affected: 6.4.2 Affected: 6.4.3 Affected: 6.5.1 Affected: 6.5.2 Affected: 6.5.3 Affected: 6.5.25 Affected: 6.5.26 Affected: 6.5.28 Affected: 6.5.29 Affected: 6.5.32 Affected: 6.5.33 Affected: 6.6.2 Affected: 6.6.3 Affected: 6.6.25 Affected: 6.6.4 Affected: 7.0.1 Affected: 7.0.2 Affected: 7.0.12 Affected: 7.0.14 Affected: 7.1.1 Affected: 7.1.15 Affected: 7.1.2 Affected: 7.1.3 Affected: 6.7.1 Affected: 6.7.2 Affected: 6.7.3 Affected: 6.7.4 Affected: 7.2.0 Affected: 7.2.1 Affected: 7.2.2 Affected: 7.3.1 Affected: 7.3.15 Affected: 7.3.2 Affected: 7.3.3 Affected: 7.3.5 Affected: 7.4.1 Affected: 7.4.2 Affected: 6.8.1 Affected: 6.8.2 Affected: 7.5.1 Affected: 7.5.3 Affected: 7.5.2 Affected: 7.5.4 Affected: 7.6.1 Affected: 7.6.2 Affected: 7.7.1 Affected: 7.7.2 Affected: 7.7.21 Affected: 6.9.1 Affected: 6.9.2 Affected: 7.8.1 Affected: 7.8.2 Affected: 7.9.1 Affected: 7.9.2 |
|
| cisco | ios_xr_software |
Affected:
0 , ≤ 7.9.2
(custom)
cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "7.9.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:36:16.200980Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:20.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.2.2"
},
{
"status": "affected",
"version": "5.2.4"
},
{
"status": "affected",
"version": "5.2.3"
},
{
"status": "affected",
"version": "5.2.5"
},
{
"status": "affected",
"version": "5.2.47"
},
{
"status": "affected",
"version": "5.3.0"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "5.3.2"
},
{
"status": "affected",
"version": "5.3.3"
},
{
"status": "affected",
"version": "5.3.4"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "6.1.12"
},
{
"status": "affected",
"version": "6.1.22"
},
{
"status": "affected",
"version": "6.1.32"
},
{
"status": "affected",
"version": "6.1.36"
},
{
"status": "affected",
"version": "6.1.42"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.25"
},
{
"status": "affected",
"version": "6.2.11"
},
{
"status": "affected",
"version": "6.3.2"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "6.3.15"
},
{
"status": "affected",
"version": "6.4.1"
},
{
"status": "affected",
"version": "6.4.2"
},
{
"status": "affected",
"version": "6.4.3"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T19:50:10.951Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
}
],
"source": {
"advisory": "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
"defects": [
"CSCvz63925",
"CSCvz63918",
"CSCwe12502",
"CSCvz63929",
"CSCwi31568",
"CSCwh78724",
"CSCwi26526",
"CSCwh70601",
"CSCwh78727",
"CSCwj83430",
"CSCwj88475"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20236",
"datePublished": "2023-09-13T16:39:19.418Z",
"dateReserved": "2022-10-27T18:47:50.370Z",
"dateUpdated": "2025-12-16T18:23:20.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20135 (GCVE-0-2023-20135)
Vulnerability from cvelistv5 – Published: 2023-09-13 16:38 – Updated: 2025-12-16 18:23- CWE-347 - Improper Verification of Cryptographic Signature
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Affected:
7.5.3
Affected: 7.5.2 Affected: 7.5.4 Affected: 7.7.1 Affected: 7.7.2 Affected: 7.7.21 Affected: 7.8.1 Affected: 7.8.2 Affected: 7.9.1 Affected: 7.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:36.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-lnt-L9zOkBz5",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:36:16.730906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:19.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\r\n\r This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:47.716Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-lnt-L9zOkBz5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5"
}
],
"source": {
"advisory": "cisco-sa-lnt-L9zOkBz5",
"defects": [
"CSCwd87928"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20135",
"datePublished": "2023-09-13T16:38:36.593Z",
"dateReserved": "2022-10-27T18:47:50.351Z",
"dateUpdated": "2025-12-16T18:23:19.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5747 (GCVE-0-2023-5747)
Vulnerability from cvelistv5 – Published: 2023-11-13 07:48 – Updated: 2024-08-02 08:07| URL | Tags |
|---|---|
| https://www.hanwhavision.com/wp-content/uploads/2… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Hanwha Vision Co., Ltd. | PNV-A6081R |
Affected:
2.21.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PNV-A6081R",
"vendor": "Hanwha Vision Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.21.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution.\""
}
],
"value": "Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution.\""
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T01:14:38.418Z",
"orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"shortName": "Hanwha_Vision"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hanwhavision.com/wp-content/uploads/2023/11/Camera-Vulnerability-Report-CVE-2023-5747_20231113.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection via wave install file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
"assignerShortName": "Hanwha_Vision",
"cveId": "CVE-2023-5747",
"datePublished": "2023-11-13T07:48:16.959Z",
"dateReserved": "2023-10-24T04:51:26.683Z",
"dateUpdated": "2024-08-02T08:07:32.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.