Remote Code Execution Vulnerability in Firmware Could Lead to Integrity Modification
CVE-2023-41921

9.8CRITICAL

Key Information:

Vendor: Kiloview
Status: P1/p2
Vendor: CVE Published:; 2 July 2024

What is CVE-2023-41921?

A vulnerability exists that enables attackers to download source code or executable files from remote locations and execute them without adequate validation of the code's origin or integrity. This flaw poses significant risks as it allows attackers to alter firmware prior to uploading it onto systems, thereby compromising the target's integrity and potentially putting the system into an insecure state. Organizations using affected products should assess their exposure to this risk and implement necessary security measures.

Affected Version(s)

P1/P2 All <= 4.8.2605

References

https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2024
Vulnerability Reserved
Sep 5, 2023

Kiloview

What is CVE-2023-41921?

Affected Version(s)

References

CVSS V3.1

Timeline