CVE-2023-51127

{"id": "CVE-2023-51127", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-10T21:15:09.133", "references": [{"url": "https://github.com/risuxx/CVE-2023-51127", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file."}, {"lang": "es", "value": "Las c\u00e1maras con sensor t\u00e9rmico FLIR AX8 hasta la versi\u00f3n 1.46.16 incluida son vulnerables a Directory Traversal debido a una restricci\u00f3n de acceso inadecuada. Esta vulnerabilidad permite que un atacante remoto no autenticado obtenga contenidos de archivos confidenciales arbitrarios cargando un archivo de enlace simb\u00f3lico especialmente manipulado."}], "lastModified": "2024-01-17T22:16:06.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:flir:flir_ax8_firmware:1.46.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF2D4C9-9444-4F42-8729-761A4C5B2670"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A4DACB7-0558-4C74-8EDB-39591236ADEE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}