CVE-2023-5142: H3C ER6300G2 Config File userLogin.asp path traversal
First published: Sun Sep 24 2023(Updated: )
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| H3c Gr-1100-p Firmware | <=20230908 | |
| H3C GR-1100-P | ||
| H3c Gr-1108-p Firmware | <=20230908 | |
| H3c Gr-1108-p | ||
| H3c Gr-1200w Firmware | <=20230908 | |
| H3C GR-1200W | ||
| H3c Gr-1800ax Firmware | <=20230908 | |
| H3c Gr-1800ax | ||
| H3c Gr-2200 Firmware | <=20230908 | |
| H3c Gr-2200 | ||
| H3c Gr-3200 Firmware | <=20230908 | |
| H3c Gr-3200 | ||
| H3c Gr-5200 Firmware | <=20230908 | |
| H3c Gr-5200 | ||
| H3c Gr-8300 Firmware | <=20230908 | |
| H3c Gr-8300 | ||
| H3c Er3260g2 Firmware | <=20230908 | |
| H3c Er3260g2 | ||
| H3c Er5200g2 Firmware | <=20230908 | |
| H3c Er5200g2 | ||
| H3c Er3200g2 Firmware | <=20230908 | |
| H3c Er3200g2 | ||
| H3c Er2100n Firmware | <=20230908 | |
| H3c Er2100n | ||
| H3c Er6300g2 Firmware | <=20230908 | |
| H3c Er6300g2 | ||
| H3c Er5100g2 Firmware | <=20230908 | |
| H3c Er5100g2 | ||
| H3c Er2200g2 Firmware | <=20230908 | |
| H3c Er2200g2 | ||
| All of | ||
| H3c Gr-1100-p Firmware | <=20230908 | |
| H3C GR-1100-P | ||
| All of | ||
| H3c Gr-1108-p Firmware | <=20230908 | |
| H3c Gr-1108-p | ||
| All of | ||
| H3c Gr-1200w Firmware | <=20230908 | |
| H3C GR-1200W | ||
| All of | ||
| H3c Gr-1800ax Firmware | <=20230908 | |
| H3c Gr-1800ax | ||
| All of | ||
| H3c Gr-2200 Firmware | <=20230908 | |
| H3c Gr-2200 | ||
| All of | ||
| H3c Gr-3200 Firmware | <=20230908 | |
| H3c Gr-3200 | ||
| All of | ||
| H3c Gr-5200 Firmware | <=20230908 | |
| H3c Gr-5200 | ||
| All of | ||
| H3c Gr-8300 Firmware | <=20230908 | |
| H3c Gr-8300 | ||
| All of | ||
| H3c Er3260g2 Firmware | <=20230908 | |
| H3c Er3260g2 | ||
| All of | ||
| H3c Er5200g2 Firmware | <=20230908 | |
| H3c Er5200g2 | ||
| All of | ||
| H3c Er3200g2 Firmware | <=20230908 | |
| H3c Er3200g2 | ||
| All of | ||
| H3c Er2100n Firmware | <=20230908 | |
| H3c Er2100n | ||
| All of | ||
| H3c Er6300g2 Firmware | <=20230908 | |
| H3c Er6300g2 | ||
| All of | ||
| H3c Er5100g2 Firmware | <=20230908 | |
| H3c Er5100g2 | ||
| All of | ||
| H3c Er2200g2 Firmware | <=20230908 | |
| H3c Er2200g2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-5142?
The severity of CVE-2023-5142 is medium, with a severity value of 5.3.
What software is affected by CVE-2023-5142?
The following H3C devices are affected by CVE-2023-5142: GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, and ER6300G2.
How can I fix the vulnerability in CVE-2023-5142?
Currently, there is no known fix or patch available for the vulnerability in CVE-2023-5142. It is recommended to monitor the vendor's website for updates or contact them for further instructions.
What is the Common Weakness Enumeration (CWE) of CVE-2023-5142?
The Common Weakness Enumeration (CWE) of CVE-2023-5142 is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')).
Where can I find more information about CVE-2023-5142?
You can find more information about CVE-2023-5142 on the following references: [GitHub](https://github.com/CJCniubi666/H3C-ER/blob/main/README.md), [GitHub](https://github.com/yinsel/CVE-H3C-Report), [VulDB](https://vuldb.com/?ctiid.240238).
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- vendor/h3c
- canonical/h3c gr-1100-p firmware
- version/h3c gr-1100-p firmware/20230908
- canonical/h3c gr-1100-p
- canonical/h3c gr-1108-p firmware
- version/h3c gr-1108-p firmware/20230908
- canonical/h3c gr-1108-p
- canonical/h3c gr-1200w firmware
- version/h3c gr-1200w firmware/20230908
- canonical/h3c gr-1200w
- canonical/h3c gr-1800ax firmware
- version/h3c gr-1800ax firmware/20230908
- canonical/h3c gr-1800ax
- canonical/h3c gr-2200 firmware
- version/h3c gr-2200 firmware/20230908
- canonical/h3c gr-2200
- canonical/h3c gr-3200 firmware
- version/h3c gr-3200 firmware/20230908
- canonical/h3c gr-3200
- canonical/h3c gr-5200 firmware
- version/h3c gr-5200 firmware/20230908
- canonical/h3c gr-5200
- canonical/h3c gr-8300 firmware
- version/h3c gr-8300 firmware/20230908
- canonical/h3c gr-8300
- canonical/h3c er3260g2 firmware
- version/h3c er3260g2 firmware/20230908
- canonical/h3c er3260g2
- canonical/h3c er5200g2 firmware
- version/h3c er5200g2 firmware/20230908
- canonical/h3c er5200g2
- canonical/h3c er3200g2 firmware
- version/h3c er3200g2 firmware/20230908
- canonical/h3c er3200g2
- canonical/h3c er2100n firmware
- version/h3c er2100n firmware/20230908
- canonical/h3c er2100n
- canonical/h3c er6300g2 firmware
- version/h3c er6300g2 firmware/20230908
- canonical/h3c er6300g2
- canonical/h3c er5100g2 firmware
- version/h3c er5100g2 firmware/20230908
- canonical/h3c er5100g2
- canonical/h3c er2200g2 firmware
- version/h3c er2200g2 firmware/20230908
- canonical/h3c er2200g2