PT-2023-3095 · Abb · Aspect-Enterprise Asp-Ent-X+19
Published
2023-06-01
·
Updated
2024-11-05
·
CVE-2023-0636
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
ASPECT®-Enterprise versions 3.0;0 through 3.07.0
NEXUS Series versions 3.0;0 through 3.07.0
MATRIX Series versions 3.0;0 through 3.07.1
Description
The issue is related to improper input validation, which allows command injection. This can enable a remote attacker to execute arbitrary code.
Recommendations
ASPECT®-Enterprise versions 3.0;0 through 3.07.0: Update to version 3.07.0 or later.
NEXUS Series versions 3.0;0 through 3.07.0: Update to version 3.07.0 or later.
MATRIX Series versions 3.0;0 through 3.07.1: Update to version 3.07.1 or later.
Fix
Command Injection
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Aspect-Enterprise Asp-Ent-X
Aspect-Enterprise
Matrix Series
Matrix Series Mat-X
Nexus Series
Nexus Series Nex-2X
Nexus Series Nexus-3-X
Aspect-Ent-12 Firmware
Aspect-Ent-256 Firmware
Aspect-Ent-2 Firmware
Aspect-Ent-96 Firmware
Matrix-11 Firmware
Matrix-216 Firmware
Matrix-232 Firmware
Matrix-264 Firmware
Matrix-296 Firmware
Nexus-2128-A Firmware
Nexus-264-A Firmware
Nexus-3-2128 Firmware
Nexus-3-264 Firmware