← Volver a CVEs
CVE-2023-49897
HIGHCISA KEV8.8
Descripcion
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado12/6/2023
Ultima modificacion10/24/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorFXC
ProductoAE1021, AE1021PE
Nombre vulnerabilidadFXC AE1021, AE1021PE OS Command Injection Vulnerability
Fecha inclusion KEV2023-12-21
Fecha limite remediacion2024-01-11
Uso en ransomwareUnknown
Productos afectados
fxc:ae1021fxc:ae1021_firmwarefxc:ae1021pefxc:ae1021pe_firmware
Debilidades (CWE)
CWE-78CWE-78
Referencias
https://jvn.jp/en/vu/JVNVU92152057/(vultures@jpcert.or.jp)
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched(vultures@jpcert.or.jp)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01(vultures@jpcert.or.jp)
https://www.fxc.jp/news/20231206(vultures@jpcert.or.jp)
https://jvn.jp/en/vu/JVNVU92152057/(af854a3a-2127-422b-91ae-364da2661108)
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.fxc.jp/news/20231206(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-49897(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.