Remote Code Execution Vulnerability in Speed-Measurement Feature
CVE-2023-41917

10CRITICAL

Key Information:

Vendor: Kiloview
Status: P1/p2
Vendor: CVE Published:; 2 July 2024

What is CVE-2023-41917?

A security vulnerability exists due to inadequate input validation in the Speed-Measurement feature of the affected product. This flaw could allow an attacker to exploit the system by appending malicious shell commands, which can lead to unauthorized execution of code. Successful exploitation of this vulnerability could compromise the integrity and confidentiality of the affected systems, posing significant risks to users and organizations relying on the product. It is crucial for users to address this issue by implementing the necessary security patches and updates recommended by the vendor.

Affected Version(s)

P1/P2 All <= 4.8.2605

References

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2024
Vulnerability Reserved
Sep 5, 2023

Kiloview

What is CVE-2023-41917?

Affected Version(s)

References

CVSS V3.1

Timeline