CVE-2023-40144

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 23, 2023
Updated: Aug 29, 2023
CWE ID 78

Summary

CVE-2023-40144 is a newly disclosed OS command injection vulnerability affecting certain CBC products. This issue enables a remote, authenticated attacker to execute arbitrary OS commands or alter settings on the affected device. The precise list of impacted products and their versions can be found in the vendor's advisory. Unfortunately, multiple older product series, including NR4H, NR8H, NR16H, DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, and DR-4M41, are no longer supported and will not receive updates to address this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share