First published: Sun Sep 24 2023(Updated: )
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
H3c Gr-1100-p Firmware | <=20230908 | |
H3C GR-1100-P | ||
H3c Gr-1108-p Firmware | <=20230908 | |
H3c Gr-1108-p | ||
H3c Gr-1200w Firmware | <=20230908 | |
H3C GR-1200W | ||
H3c Gr-1800ax Firmware | <=20230908 | |
H3C GR-1800AX | ||
H3c Gr-2200 Firmware | <=20230908 | |
H3c Gr-2200 | ||
H3c Gr-3200 Firmware | <=20230908 | |
H3c Gr-3200 | ||
H3c Gr-5200 Firmware | <=20230908 | |
H3c Gr-5200 | ||
H3c Gr-8300 Firmware | <=20230908 | |
H3c Gr-8300 | ||
H3c Er3260g2 Firmware | <=20230908 | |
H3c Er3260g2 | ||
H3c Er5200g2 Firmware | <=20230908 | |
H3c Er5200g2 | ||
H3c Er3200g2 Firmware | <=20230908 | |
H3c Er3200g2 | ||
H3c Er2100n Firmware | <=20230908 | |
H3c Er2100n | ||
H3c Er6300g2 Firmware | <=20230908 | |
H3c Er6300g2 | ||
H3c Er5100g2 Firmware | <=20230908 | |
H3c Er5100g2 | ||
H3c Er2200g2 Firmware | <=20230908 | |
H3c Er2200g2 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
All of | ||
<=20230908 | ||
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-5142 is medium, with a severity value of 5.3.
The following H3C devices are affected by CVE-2023-5142: GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, and ER6300G2.
Currently, there is no known fix or patch available for the vulnerability in CVE-2023-5142. It is recommended to monitor the vendor's website for updates or contact them for further instructions.
The Common Weakness Enumeration (CWE) of CVE-2023-5142 is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).
You can find more information about CVE-2023-5142 on the following references: [GitHub](https://github.com/CJCniubi666/H3C-ER/blob/main/README.md), [GitHub](https://github.com/yinsel/CVE-H3C-Report), [VulDB](https://vuldb.com/?ctiid.240238).