CVE-2023-5142

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5142
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/yinsel/CVE-H3C-Report Exploit Third Party Advisory
https://github.com/CJCniubi666/H3C-ER/blob/main/README.md Exploit Third Party Advisory
https://vuldb.com/?id.240238 Third Party Advisory
https://vuldb.com/?ctiid.240238 Permissions Required Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:h3c:gr-1100-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-1100-p:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:h3c:gr-1108-p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-1108-p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:h3c:gr-1200w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-1200w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:h3c:gr-1800ax_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-1800ax:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:h3c:gr-2200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-2200:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:h3c:gr-3200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-3200:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:h3c:gr-5200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-5200:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:h3c:gr-8300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:gr-8300:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:h3c:er3260g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:er3260g2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:h3c:er5200g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:er5200g2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:h3c:er3200g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:er3200g2:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:h3c:er2100n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:er2100n:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:h3c:er6300g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:er6300g2:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:h3c:er5100g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:er5100g2:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:h3c:er2200g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:h3c:er2200g2:-:*:*:*:*:*:*:*
History

07 Nov 2023, 04:23

Type Values Removed Values Added
New CVE
Information

Published : 2023-09-24 22:15

Updated : 2024-05-17 02:32

NVD link : CVE-2023-5142

Mitre link : CVE-2023-5142

JSON object : View

Products Affected

h3c

  • er5100g2
  • er6300g2_firmware
  • gr-2200_firmware
  • er5200g2
  • er2100n
  • gr-2200
  • er5200g2_firmware
  • er3260g2_firmware
  • er5100g2_firmware
  • gr-1108-p_firmware
  • gr-1800ax_firmware
  • gr-8300
  • er6300g2
  • er3260g2
  • gr-3200
  • gr-1100-p
  • gr-1108-p
  • gr-1200w_firmware
  • er3200g2_firmware
  • gr-1100-p_firmware
  • gr-1800ax
  • gr-5200
  • gr-3200_firmware
  • er2100n_firmware
  • gr-1200w
  • er3200g2
  • er2200g2
  • gr-5200_firmware
  • gr-8300_firmware
  • er2200g2_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')