CVE-2023-40144
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 23, 2023
Updated: Aug 29, 2023
CWE ID 78
Summary
CVE-2023-40144 is a newly disclosed OS command injection vulnerability affecting certain CBC products. This issue enables a remote, authenticated attacker to execute arbitrary OS commands or alter settings on the affected device. The precise list of impacted products and their versions can be found in the vendor's advisory. Unfortunately, multiple older product series, including NR4H, NR8H, NR16H, DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, and DR-4M41, are no longer supported and will not receive updates to address this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share