CVE-2023-39548 | ByteOS Network

Vulnerability Details :

CVE-2023-39548

Assigner-NEC

Assigner Org ID-f2760a35-e0d8-4637-ac4c-cc1a2de3e282

Published At-17 Nov, 2023 | 05:31

Updated At-02 Dec, 2024 | 18:52

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:NEC

Assigner Org ID:f2760a35-e0d8-4637-ac4c-cc1a2de3e282

Published At:17 Nov, 2023 | 05:31

Updated At:02 Dec, 2024 | 18:52

▼CVE Numbering Authority (CNA)

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Affected Products

Vendor

NEC Corporation

Product

CLUSTERPRO X (EXPRESSCLUSTER X)

Versions

Affected

1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1

Vendor

NEC Corporation

Product

CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)

Versions

Affected

1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.0

Problem Types

Type	CWE ID	Description
CWE	CWE-434	CWE-434 Unrestricted upload of file with dangerous type

Type: CWE

CWE ID: CWE-434

Description: CWE-434 Unrestricted upload of file with dangerous type

Credits

reporter

Mr. David Levard in Videotron.

References

Hyperlink	Resource
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html	N/A

Hyperlink: https://jpn.nec.com/security-info/secinfo/nv23-009_en.html

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html	x_transferred

Hyperlink: https://jpn.nec.com/security-info/secinfo/nv23-009_en.html

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:psirt-info@cyber.jp.nec.com

Published At:17 Nov, 2023 | 06:15

Updated At:28 Dec, 2023 | 17:55

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

NEC Corporation

>>expresscluster_x>>1.0

cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>1.0

cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>2.0

cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>2.0

cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>2.1

cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>2.1

cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>3.0

cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>3.0

cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>3.1

cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>3.1

cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>3.2

cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>3.2

cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>3.3

cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>3.3

cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>4.0

cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>4.0

cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>4.1

cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>4.1

cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>4.2

cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>4.2

cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>4.3

cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>4.3

cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>5.0

cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>5.0

cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x>>5.1

cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x>>5.1

cpe:2.3:a:nec:expresscluster_x:5.1:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>1.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>1.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>2.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>2.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>2.1

cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>2.1

cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.1

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.1

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.2

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.2

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.3

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>3.3

cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.1

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.1

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.2

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.2

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.3

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>4.3

cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>5.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*

NEC Corporation

>>expresscluster_x_singleserversafe>>5.0

cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*

Weaknesses

CWE ID	Type	Source
CWE-434	Primary	nvd@nist.gov
CWE-434	Secondary	psirt-info@cyber.jp.nec.com

CWE ID: CWE-434

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-434

Type: Secondary

Source: psirt-info@cyber.jp.nec.com

References

Hyperlink	Source	Resource
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html	psirt-info@cyber.jp.nec.com	Patch Third Party Advisory

Hyperlink: https://jpn.nec.com/security-info/secinfo/nv23-009_en.html

Source: psirt-info@cyber.jp.nec.com

Resource:

Patch

Third Party Advisory