[Japanese]

JVNDB-2023-007152

Multiple vulnerabilities in EXPRESSCLUSTER X

Overview

WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below.

* Missing authorization (CWE-862) - CVE-2023-39544
* Files or directories accessible to external parties (CWE-552) - CVE-2023-39545
* Use of password hash instead of password for authentication (CWE-836) - CVE-2023-39546
* Authentication bypass by Capture-replay (CWE-294) - CVE-2023-39547
* Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-39548
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39544


CVSS V3 Severity:
Base Metrics8.1 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39548


CVSS V3 Severity:
Base Metrics7.8 (High) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-39545


CVSS V3 Severity:
Base Metrics7.5 (High) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39547


CVSS V3 Severity:
Base Metrics7.4 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-39546
Affected Products


NEC Corporation
  • EXPRESSCLUSTER X 1.0
  • EXPRESSCLUSTER X 2.0
  • EXPRESSCLUSTER X 2.1
  • EXPRESSCLUSTER X 3.0
  • EXPRESSCLUSTER X 3.1
  • EXPRESSCLUSTER X 3.2
  • EXPRESSCLUSTER X 3.3
  • EXPRESSCLUSTER X 4.0
  • EXPRESSCLUSTER X 4.1
  • EXPRESSCLUSTER X 4.2
  • EXPRESSCLUSTER X 4.3
  • EXPRESSCLUSTER X 5.0
  • EXPRESSCLUSTER X 5.1
  • EXPRESSCLUSTER SingleServerSafe 1.0
  • EXPRESSCLUSTER SingleServerSafe 2.0
  • EXPRESSCLUSTER SingleServerSafe 2.1
  • EXPRESSCLUSTER SingleServerSafe 3.0
  • EXPRESSCLUSTER SingleServerSafe 3.1
  • EXPRESSCLUSTER SingleServerSafe 3.2
  • EXPRESSCLUSTER SingleServerSafe 3.3
  • EXPRESSCLUSTER SingleServerSafe 4.0
  • EXPRESSCLUSTER SingleServerSafe 4.1
  • EXPRESSCLUSTER SingleServerSafe 4.2
  • EXPRESSCLUSTER SingleServerSafe 4.3
  • EXPRESSCLUSTER SingleServerSafe 5.0
  • EXPRESSCLUSTER SingleServerSafe 5.1

The developer states that both the Windows edition and Linux edition are affected.
Impact

* An attacker who can log in to the product may execute an arbitrary command - CVE-2023-39544
* An attacker who can log in to the product may obtain files containing credentials via HTTP API - CVE-2023-39545
* A remote attacker may execute 'Pass The Hash Attack', and atempt to log in to the product's WebUI as an administrator - CVE-2023-39546
* A remote attacker may obtain the information such as configuration files - CVE-2023-39547
* A remote attacker may execute an arbitrary script with an administrative privilege - CVE-2023-39548
Solution

[Update the Software]
For EXPRESSCLUSTER X 5.x, update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that contain fixes for the vulnerabilities.

* EXPRESSCLUSTER X 5.1.2
* EXPRESSCLUSTER X SingleServerSafe 5.1.2

[Apply the Patch]
For EXPRESSCLUSTER X 3.x and EXPRESSCLUSTER X 4.x, the developer has released patches that contain fixes for these vulnerabilities.

[Apply the Workaround]
Apply the following workarounds to avoid the impacts of these vulnerabilities.
* Disable "Enable WebManager Service" of WebManager/Cluster WebUI

In the case disabling WebManager Service is impossible, applying one of the following workarounds may mitigate the impacts of these vulnerabilities.
* Use firewall and block untrusted communication
* Allow connection requests to WebManager HTTP Port (Default: 29003/TCP) only from the trusted clients
* Set the communication scheme of WebManager/Cluster WebUI to HTTPS (for EXPRESSCLUSTER X 4.0 and later)

For more information, refer to the information provided by the developer.
Vendor Information

NEC Corporation
CWE (What is CWE?)

  1. Authentication Bypass by Capture-replay(CWE-294) [Other]
  2. Unrestricted Upload of File with Dangerous Type(CWE-434) [Other]
  3. Files or Directories Accessible to External Parties(CWE-552) [Other]
  4. Use of Password Hash Instead of Password for Authentication(CWE-836) [Other]
  5. Missing Authorization(CWE-862) [Other]
CVE (What is CVE?)

  1. CVE-2023-39544
  2. CVE-2023-39545
  3. CVE-2023-39546
  4. CVE-2023-39547
  5. CVE-2023-39548
References

  1. JVN : JVNVU#98954968
  2. National Vulnerability Database (NVD) : CVE-2023-39544
  3. National Vulnerability Database (NVD) : CVE-2023-39545
  4. National Vulnerability Database (NVD) : CVE-2023-39546
  5. National Vulnerability Database (NVD) : CVE-2023-39547
  6. National Vulnerability Database (NVD) : CVE-2023-39548
Revision History

  • [2023/11/20]
      Web page was published
  • [2024/05/01]
      References : Contents were added