PT-2023-27116 · N.V.K.Inter Co. · Ibsg
Published
2023-08-21
·
Updated
2024-10-03
·
CVE-2023-39809
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
N.V.K.INTER CO., LTD. (NVK) iBSG version 3.5
Description
A command injection issue was discovered, affecting the
system hostname parameter at the "/manage/network-basic.php" API endpoint. This allows for potential command injection attacks.Recommendations
For version 3.5, consider restricting access to the
/manage/network-basic.php API endpoint until a patch is available. As a temporary workaround, avoid using the system hostname parameter in this endpoint to minimize the risk of exploitation.Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibsg