CWE
22
Advisory Published
Updated

CVE-2023-5142: H3C ER6300G2 Config File userLogin.asp path traversal

First published: Sun Sep 24 2023(Updated: )

A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Credit: cna@vuldb.com cna@vuldb.com

Affected SoftwareAffected VersionHow to fix
H3c Gr-1100-p Firmware<=20230908
H3C GR-1100-P
H3c Gr-1108-p Firmware<=20230908
H3c Gr-1108-p
H3c Gr-1200w Firmware<=20230908
H3C GR-1200W
H3c Gr-1800ax Firmware<=20230908
H3C GR-1800AX
H3c Gr-2200 Firmware<=20230908
H3c Gr-2200
H3c Gr-3200 Firmware<=20230908
H3c Gr-3200
H3c Gr-5200 Firmware<=20230908
H3c Gr-5200
H3c Gr-8300 Firmware<=20230908
H3c Gr-8300
H3c Er3260g2 Firmware<=20230908
H3c Er3260g2
H3c Er5200g2 Firmware<=20230908
H3c Er5200g2
H3c Er3200g2 Firmware<=20230908
H3c Er3200g2
H3c Er2100n Firmware<=20230908
H3c Er2100n
H3c Er6300g2 Firmware<=20230908
H3c Er6300g2
H3c Er5100g2 Firmware<=20230908
H3c Er5100g2
H3c Er2200g2 Firmware<=20230908
H3c Er2200g2
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908
All of
<=20230908

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2023-5142?

    The severity of CVE-2023-5142 is medium, with a severity value of 5.3.

  • What software is affected by CVE-2023-5142?

    The following H3C devices are affected by CVE-2023-5142: GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, and ER6300G2.

  • How can I fix the vulnerability in CVE-2023-5142?

    Currently, there is no known fix or patch available for the vulnerability in CVE-2023-5142. It is recommended to monitor the vendor's website for updates or contact them for further instructions.

  • What is the Common Weakness Enumeration (CWE) of CVE-2023-5142?

    The Common Weakness Enumeration (CWE) of CVE-2023-5142 is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).

  • Where can I find more information about CVE-2023-5142?

    You can find more information about CVE-2023-5142 on the following references: [GitHub](https://github.com/CJCniubi666/H3C-ER/blob/main/README.md), [GitHub](https://github.com/yinsel/CVE-H3C-Report), [VulDB](https://vuldb.com/?ctiid.240238).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203