ID
VAR-202302-2072
CVE
CVE-2023-26602
TITLE
ASUSTeK Computer Inc. of ASMB8-iKVM Command injection vulnerability in firmware
Trust: 0.8
DESCRIPTION
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. ASUSTeK Computer Inc. of ASMB8-iKVM Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | asus | model: | asmb8-ikvm | scope: | lte | version: | 1.14.51 | Trust: 1.0 |
| vendor: | asustek computer | model: | asmb8-ikvm | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | asustek computer | model: | asmb8-ikvm | scope: | - | version: | - | Trust: 0.8 |
| vendor: | asustek computer | model: | asmb8-ikvm | scope: | lte | version: | asmb8-ikvm firmware 1.14.51 and earlier | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.1 |
| problemtype: | Command injection (CWE-77) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
command injection
Trust: 0.6
EXPLOIT AVAILABILITY
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-26602 | Trust: 3.4 |
| db: | PACKETSTORM | id: | 171137 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2023-004643 | Trust: 0.8 |
| db: | CXSECURITY | id: | WLB-2023020047 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202302-2049 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-456033 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2023-26602 | Trust: 0.1 |
REFERENCES
| url: | http://packetstormsecurity.com/files/171137/asus-asmb8-ikvm-1.14.51-snmp-remote-root.html | Trust: 2.7 |
| url: | http://seclists.org/fulldisclosure/2023/feb/15 | Trust: 2.6 |
| url: | https://nwsec.de/nwssa-002-2023.txt | Trust: 2.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-26602 | Trust: 0.8 |
| url: | https://cxsecurity.com/issue/wlb-2023020047 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2023-26602/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
d1g
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-456033 |
| db: | VULMON | id: | CVE-2023-26602 |
| db: | JVNDB | id: | JVNDB-2023-004643 |
| db: | CNNVD | id: | CNNVD-202302-2049 |
| db: | NVD | id: | CVE-2023-26602 |
LAST UPDATE DATE
2024-08-14T13:52:42.231000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-456033 | date: | 2023-03-07T00:00:00 |
| db: | VULMON | id: | CVE-2023-26602 | date: | 2023-02-28T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004643 | date: | 2023-11-01T01:39:00 |
| db: | CNNVD | id: | CNNVD-202302-2049 | date: | 2023-03-08T00:00:00 |
| db: | NVD | id: | CVE-2023-26602 | date: | 2023-03-07T19:07:11.717 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-456033 | date: | 2023-02-26T00:00:00 |
| db: | VULMON | id: | CVE-2023-26602 | date: | 2023-02-26T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004643 | date: | 2023-11-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202302-2049 | date: | 2023-02-26T00:00:00 |
| db: | NVD | id: | CVE-2023-26602 | date: | 2023-02-26T20:15:10.697 |