First published: Tue Jan 17 2023(Updated: )
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Ate-mahoroba Maho-pbx Netdevancer Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer | ||
Ate-mahoroba Maho-pbx Netdevancer Vsg Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer Vsg | ||
Ate-mahoroba Maho-pbx Netdevancer Mobilegate Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer Mobilegate | ||
Ate-mahoroba Maho-pbx Netdevancer Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer | ||
Ate-mahoroba Maho-pbx Netdevancer Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer | ||
Ate-mahoroba Maho-pbx Netdevancer Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer | ||
Ate-mahoroba Maho-pbx Netdevancer Vsg Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer Vsg | ||
Ate-mahoroba Maho-pbx Netdevancer Mobilegate Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer Mobilegate |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-22280 is a vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud and MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00 and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 that allows a remote authenticated attacker with administrative privilege to execute arbitrary OS commands.
The severity of CVE-2023-22280 is high with a CVSS score of 7.2.
CVE-2023-22280 affects MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00.
An attacker with an administrative privilege can exploit CVE-2023-22280 by executing arbitrary OS commands remotely.
To fix CVE-2023-22280, upgrade to Ver.1.11.00 or a later version of MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud, MAHO-PBX NetDevancer VSG Lite/Uni, or MAHO-PBX NetDevancer MobileGate Home/Office.