CVE-2023-31245
Vulnerability from cvelistv5
Published
2023-05-22 19:37
Modified
2025-01-16 21:33
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Summary
Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.
References
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01Third Party Advisory, US Government Resource
ics-cert@hq.dhs.govhttps://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdfRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdfRelease Notes
Impacted products
Vendor Product Version
Snap One OvrC Cloud Version: 0   < 7.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:53:30.667Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-31245",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-16T20:21:09.583592Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-16T21:33:28.000Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "OvrC Cloud",
               vendor: "Snap One",
               versions: [
                  {
                     lessThan: "7.3",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Uri Katz of Claroty reported these vulnerabilities to CISA.",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<p></p>\n\n<p></p>\n\n<p></p>\n\n<p></p>\n\n<p>\n\n</p><p>\n\n</p><p>Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.</p>\n\n<p></p>\n\n<p></p>\n\n<p></p>",
                  },
               ],
               value: "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nDevices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-601",
                     description: "CWE-601 Open Redirect",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-22T19:37:10.365Z",
            orgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            shortName: "icscert",
         },
         references: [
            {
               url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01",
            },
            {
               url: "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf",
            },
         ],
         solutions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "\n\n<p>Snap One has released the following updates/fixes for the affected products:</p><ul><li>OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.</li><li>OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.</li><li>Disable UPnP.</li></ul><p>For more information, see Snap One’s <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\">Release Notes</a>.</p>\n\n",
                  },
               ],
               value: "\nSnap One has released the following updates/fixes for the affected products:\n\n  *  OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\n  *  OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\n  *  Disable UPnP.\n\n\nFor more information, see Snap One’s  Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf .\n\n\n\n",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
      assignerShortName: "icscert",
      cveId: "CVE-2023-31245",
      datePublished: "2023-05-22T19:37:10.365Z",
      dateReserved: "2023-04-26T19:18:23.299Z",
      dateUpdated: "2025-01-16T21:33:28.000Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2023-31245\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-05-22T20:15:10.807\",\"lastModified\":\"2024-11-21T08:01:41.973\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nDevices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*\",\"versionEndExcluding\":\"7.3.0\",\"matchCriteriaId\":\"415E3C3D-6B2F-4095-B7F1-E3F777E01172\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:control4:ca-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910274AB-35AF-428C-84D7-36774DEB59D8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:control4:ca-10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"852189C9-7720-468D-BCE0-28DFC051AEDC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:control4:ea-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C61FA2AE-A962-4D60-BBCF-751FDB5215B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:control4:ea-3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6310809-0890-4113-837C-0074706B4E6B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:control4:ea-5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7ADAAF7-9B0B-4002-8158-FC6B0EAB6055\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:snapone:an-110-rt-2l1w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B50505-B496-4172-813E-CA174EE2D4DF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:snapone:an-110-rt-2l1w-wifi:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04744281-B935-4272-8582-85C6162881F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:snapone:an-310-rt-4l2w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCD83E46-F84F-49F8-9601-ABC03292E0F6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:snapone:ovrc-300-pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5B44DFB-CC8D-4342-907B-D34F9EAB5CEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:snapone:pakedge_rk-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2982D38-80BF-4041-9F59-D26C152D24D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:snapone:pakedge_rt-3100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"061055F0-D742-4227-ADC2-1793979F9463\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:snapone:pakedge_wr-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF7BD251-BB2F-4C49-8B1E-8EB26580DFDB\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:53:30.667Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-31245\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-16T20:21:09.583592Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-16T20:21:10.951Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Uri Katz of Claroty reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Snap One\", \"product\": \"OvrC Cloud\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\nSnap One has released the following updates/fixes for the affected products:\\n\\n  *  OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\\n  *  OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\\n  *  Disable UPnP.\\n\\n\\nFor more information, see Snap One\\u2019s  Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf .\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n<p>Snap One has released the following updates/fixes for the affected products:</p><ul><li>OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.</li><li>OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.</li><li>Disable UPnP.</li></ul><p>For more information, see Snap One\\u2019s <a target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\\\">Release Notes</a>.</p>\\n\\n\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01\"}, {\"url\": \"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nDevices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device\\u2019s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n<p></p>\\n\\n<p></p>\\n\\n<p></p>\\n\\n<p></p>\\n\\n<p>\\n\\n</p><p>\\n\\n</p><p>Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device\\u2019s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.</p>\\n\\n<p></p>\\n\\n<p></p>\\n\\n<p></p>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-601\", \"description\": \"CWE-601 Open Redirect\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2023-05-22T19:37:10.365Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2023-31245\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-16T21:33:28.000Z\", \"dateReserved\": \"2023-04-26T19:18:23.299Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2023-05-22T19:37:10.365Z\", \"assignerShortName\": \"icscert\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.