CVE-2023-6201

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.This issue affects Panorama: before 8.0.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-23-0665	Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-23-0665	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:univera:panorama:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:43

Type	Values Removed	Values Added
References	~~() https://www.usom.gov.tr/bildirim/tr-23-0665 - Third Party Advisory~~	() https://www.usom.gov.tr/bildirim/tr-23-0665 - Third Party Advisory

04 Dec 2023, 19:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:univera:panorama::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~9.9~~	v2 : unknown v3 : 8.8
First Time		Univera Univera panorama
References	~~() https://www.usom.gov.tr/bildirim/tr-23-0665 -~~	() https://www.usom.gov.tr/bildirim/tr-23-0665 - Third Party Advisory

28 Nov 2023, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-28 12:15

Updated : 2024-11-21 08:43

NVD link : CVE-2023-6201

Mitre link : CVE-2023-6201

CVE.ORG link : CVE-2023-6201

JSON object : View

Products Affected

univera

panorama

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-6201", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-11-28T12:15:07.443", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-23-0665", "tags": ["Third Party Advisory"], "source": "iletisim@usom.gov.tr"}, {"url": "https://www.usom.gov.tr/bildirim/tr-23-0665", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.This issue affects Panorama: before 8.0.\n\n"}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Univera Computer System Panorama permite la inyecci\u00f3n de comando. Este problema afecta a Panorama: versiones anteriores a 8.0."}], "lastModified": "2024-11-21T08:43:21.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:univera:panorama:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE8CA235-8CB3-4DFC-9B3B-A84546BACA8F", "versionEndExcluding": "8.0"}], "operator": "OR"}]}], "sourceIdentifier": "iletisim@usom.gov.tr"}