[Japanese]

JVNDB-2023-000066

Multiple vulnerabilities in Aterm series

Overview

Aterm series provided by NEC Corporation contain multiple vulnerabilities listed below.

* Directory traversal (CWE-22) - CVE-2023-3330
* Directory traversal (CWE-22) - CVE-2023-3331
* Stored cross-site scripting (CWE-79) - CVE-2023-3332
* OS command injection (CWE-78) - CVE-2023-3333

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.7 (High) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2023-3333


CVSS V3 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.3 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-3330


CVSS V3 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.3 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-3331


CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.3 (Low) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-3332
Affected Products


NEC Corporation
  • Aterm WF300HP all versions
  • Aterm WG1400HP all versions
  • Aterm WG1800HP all versions
  • Aterm WG1800HP2 all versions
  • Aterm WG2200HP all versions
  • Aterm WG2600HP all versions
  • Aterm WG2600HP2 all versions
  • Aterm WG300HP all versions
  • Aterm WG600HP all versions
  • Aterm WR8170N all versions
  • Aterm WR8175N all versions
  • Aterm WR8370N all versions
  • Aterm WR8600N all versions
  • Aterm WR8700N all versions
  • Aterm WR8750N all versions
  • Aterm WR9300N all versions
  • Aterm WR9500N all versions

Impact

* An authenticated attacker may obtain specific files in the product - CVE-2023-3330
* An authenticated attacker may delete specific files in the product - CVE-2023-3331
* After obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities, the attacker may execute an arbitrary script - CVE-2023-3332
* After obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities, the attacker may execute an arbitrary OS command with the root privilege - CVE-2023-3333
Solution

[Stop using the products]
The affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.

[Apply a workaround]
The developer states there is no plan to provide firmware updates for Aterm WG2200HP, therefore recommends users to apply workarounds to mitigate the impacts of the vulnerabilities.

For details, refer to the information provided by the developer.
Vendor Information

NEC Corporation
CWE (What is CWE?)

  1. Path Traversal(CWE-22) [IPA Evaluation]
  2. OS Command Injection(CWE-78) [IPA Evaluation]
  3. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2023-3330
  2. CVE-2023-3331
  3. CVE-2023-3332
  4. CVE-2023-3333
References

  1. JVN : JVN#38343415
  2. National Vulnerability Database (NVD) : CVE-2023-3330
  3. National Vulnerability Database (NVD) : CVE-2023-3331
  4. National Vulnerability Database (NVD) : CVE-2023-3332
  5. National Vulnerability Database (NVD) : CVE-2023-3333
Revision History

  • [2023/06/27]
      Web page was published
  • [2023/07/07]
      Title was modified
      Overview was modified
      Affected Products : Products were added 
      Solution was modified
  • [2024/05/22]
      References : Contents were added