CVE-2023-3656

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://doi.org/10.35011/ww2q-d522	Technical Description
https://www.cashit.at/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:cashit:cashit\!:*:*:*:*:*:*:*:*

History

28 Dec 2023, 15:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-03 08:15

Updated : 2024-02-05 00:01

NVD link : CVE-2023-3656

Mitre link : CVE-2023-3656

CVE.ORG link : CVE-2023-3656

JSON object : View

Products Affected

cashit

cashit\!

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-749

Exposed Dangerous Method or Function

{"id": "CVE-2023-3656", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "office@cyberdanube.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-03T08:15:35.930", "references": [{"url": "https://doi.org/10.35011/ww2q-d522", "tags": ["Technical Description"], "source": "office@cyberdanube.com"}, {"url": "https://www.cashit.at/", "tags": ["Product"], "source": "office@cyberdanube.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "office@cyberdanube.com", "description": [{"lang": "en", "value": "CWE-749"}, {"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network."}, {"lang": "es", "value": "cashIT! - serving solutions. Los dispositivos desde \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" hasta 03.A06rks 2023.02.37 se ven afectados por una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo no autenticado. Esta vulnerabilidad puede ser provocada por un endpoint HTTP expuesto a la red."}], "lastModified": "2023-12-28T15:20:34.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cashit:cashit\\!:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038B664A-EFF6-480B-B33D-82D66205C2B9", "versionEndIncluding": "03.a06rks_2023.02.37"}], "operator": "OR"}]}], "sourceIdentifier": "office@cyberdanube.com"}