CVE-2023-29152

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.7 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account.

References

Link	Resource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Third Party Advisory US Government Resource
https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:56

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : 6.2
References	~~() https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 - Broken Link~~	() https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13 - Broken Link

Information

Published : 2023-06-07 22:15

Updated : 2024-11-21 07:56

NVD link : CVE-2023-29152

Mitre link : CVE-2023-29152

CVE.ORG link : CVE-2023-29152

JSON object : View

Products Affected

vuforia_studio

CWE

CWE-285

Improper Authorization

NVD-CWE-noinfo

{"id": "CVE-2023-29152", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2023-06-07T22:15:09.737", "references": [{"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-13", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\n\nBy changing the filename parameter in the request, an attacker could \ndelete any file with the permissions of the Vuforia server account.\n\n"}], "lastModified": "2024-11-21T07:56:37.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ptc:vuforia_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0401ACC-907D-43E1-9CAE-FC94DC02C9F7", "versionEndExcluding": "9.9"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}