← Voltar para CVEs
CVE-2023-49897
HIGHCISA KEV8.8
Descricao
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado12/6/2023
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorFXC
ProdutoAE1021, AE1021PE
Nome da vulnerabilidadeFXC AE1021, AE1021PE OS Command Injection Vulnerability
Data inclusao KEV2023-12-21
Prazo de remediacao2024-01-11
Uso em ransomwareUnknown
Produtos afetados
fxc:ae1021fxc:ae1021_firmwarefxc:ae1021pefxc:ae1021pe_firmware
Fraquezas (CWE)
CWE-78CWE-78
Referencias
https://jvn.jp/en/vu/JVNVU92152057/(vultures@jpcert.or.jp)
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched(vultures@jpcert.or.jp)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01(vultures@jpcert.or.jp)
https://www.fxc.jp/news/20231206(vultures@jpcert.or.jp)
https://jvn.jp/en/vu/JVNVU92152057/(af854a3a-2127-422b-91ae-364da2661108)
https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.fxc.jp/news/20231206(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-49897(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.