Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-1000

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-27 Apr, 2024 | 09:00
Updated At-02 Aug, 2024 | 05:32
Rejected At-
Credits

cyanomiko dcnnt-py Notification notifications.py main command injection

A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:27 Apr, 2024 | 09:00
Updated At:02 Aug, 2024 | 05:32
Rejected At:
▼CVE Numbering Authority (CNA)
cyanomiko dcnnt-py Notification notifications.py main command injection

A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability.

Affected Products
Vendor
cyanomiko
Product
dcnnt-py
Modules
  • Notification Handler
Versions
Affected
  • 0.1
  • 0.2
  • 0.3
  • 0.4
  • 0.5
  • 0.6
  • 0.7
  • 0.8
  • 0.9
Problem Types
TypeCWE IDDescription
CWECWE-77CWE-77 Command Injection
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Command Injection
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
tool
VulDB GitHub Commit Analyzer
Timeline
EventDate
Advisory disclosed2023-08-14 00:00:00
Countermeasure disclosed2023-08-14 00:00:00
VulDB entry created2024-04-27 02:00:00
VulDB entry last update2024-04-27 10:51:27
Event: Advisory disclosed
Date: 2023-08-14 00:00:00
Event: Countermeasure disclosed
Date: 2023-08-14 00:00:00
Event: VulDB entry created
Date: 2024-04-27 02:00:00
Event: VulDB entry last update
Date: 2024-04-27 10:51:27
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.262230
vdb-entry
technical-description
https://vuldb.com/?ctiid.262230
signature
permissions-required
https://github.com/cyanomiko/dcnnt-py/pull/23
issue-tracking
https://github.com/cyanomiko/dcnnt-py/commit/b4021d784a97e25151a5353aa763a741e9a148f5
patch
https://github.com/cyanomiko/dcnnt-py/releases/tag/0.9.1
patch
Hyperlink: https://vuldb.com/?id.262230
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.262230
Resource:
signature
permissions-required
Hyperlink: https://github.com/cyanomiko/dcnnt-py/pull/23
Resource:
issue-tracking
Hyperlink: https://github.com/cyanomiko/dcnnt-py/commit/b4021d784a97e25151a5353aa763a741e9a148f5
Resource:
patch
Hyperlink: https://github.com/cyanomiko/dcnnt-py/releases/tag/0.9.1
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.262230
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.262230
signature
permissions-required
x_transferred
https://github.com/cyanomiko/dcnnt-py/pull/23
issue-tracking
x_transferred
https://github.com/cyanomiko/dcnnt-py/commit/b4021d784a97e25151a5353aa763a741e9a148f5
patch
x_transferred
https://github.com/cyanomiko/dcnnt-py/releases/tag/0.9.1
patch
x_transferred
Hyperlink: https://vuldb.com/?id.262230
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.262230
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://github.com/cyanomiko/dcnnt-py/pull/23
Resource:
issue-tracking
x_transferred
Hyperlink: https://github.com/cyanomiko/dcnnt-py/commit/b4021d784a97e25151a5353aa763a741e9a148f5
Resource:
patch
x_transferred
Hyperlink: https://github.com/cyanomiko/dcnnt-py/releases/tag/0.9.1
Resource:
patch
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:27 Apr, 2024 | 09:15
Updated At:04 Jun, 2024 | 19:17

A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-77Primarycna@vuldb.com
CWE ID: CWE-77
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/cyanomiko/dcnnt-py/commit/b4021d784a97e25151a5353aa763a741e9a148f5cna@vuldb.com
N/A
https://github.com/cyanomiko/dcnnt-py/pull/23cna@vuldb.com
N/A
https://github.com/cyanomiko/dcnnt-py/releases/tag/0.9.1cna@vuldb.com
N/A
https://vuldb.com/?ctiid.262230cna@vuldb.com
N/A
https://vuldb.com/?id.262230cna@vuldb.com
N/A
Hyperlink: https://github.com/cyanomiko/dcnnt-py/commit/b4021d784a97e25151a5353aa763a741e9a148f5
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/cyanomiko/dcnnt-py/pull/23
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/cyanomiko/dcnnt-py/releases/tag/0.9.1
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.262230
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.262230
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

452Records found
CVE-2019-3920
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-10.18% / 93.03%
||
7 Day CHG~0.00%
Published-05 Mar, 2019 | 21:00
Updated-17 Sep, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.

Action-Not Available
Vendor-Tenable, Inc.Nokia Corporation
Product-i-240w-q_gpon_ont_firmwarei-240w-q_gpon_ontAlcatel Lucent I-240W-Q GPON ONT
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-20659
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.29% / 51.90%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 18:48
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6900_firmwarer7900_firmwarer6700r6400r6400_firmwarer6700_firmwarer7900r6900n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • Next
Details not found