VDB
CVE-2023-28320
CVE-2023-28320
PUBLISHED
CVSS 9.300000190734863 CRITICAL
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
EPSS 0.64% · 71.0th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.64%
71.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Dell ECS <3.8.1.0 | |
| Dell | Dell PowerProtect Data Domain <8.1.0.0 | |
| Oracle | Oracle Linux | |
| Dell | Dell PowerProtect Data Domain <7.10.1.40 | |
| Xerox | Xerox FreeFlow Print Server v2 / Windows 10 | |
| HCL | HCL BigFix <10.0.10 | |
| Meinberg | Meinberg LANTIME <7.08.002 | |
| SUSE | SUSE Linux | |
| Dell | Dell Avamar | |
| RESF | RESF Rocky Linux | |
| Xerox | Xerox FreeFlow Print Server v9 | |
| Red Hat | Red Hat JBoss Core Services | |
| IBM | IBM Spectrum Protect Plus <10.1.16.3 | |
| Gentoo | Gentoo Linux | |
| Open Source | Open Source libcurl <8.1.0 | |
| IBM | IBM QRadar SIEM 7.5 | |
| Red Hat | Red Hat Enterprise Linux | |
| Xerox | Xerox FreeFlow Print Server v9 for Solaris | |
| IBM | IBM Rational ClearCase <9.1.0.5 | |
| Dell | Dell PowerProtect Data Domain OS |
…and 20 more
Exploit Intelligence
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2023-28320 - siglongjmp race condition (hackerone)
…and 33 more exploits
Timeline
- CVE Published
- May 17, 2023 PoC Published
- May 26, 2023 PoC Published
- May 27, 2023 EPSS Score
- Jul 2, 2023 EPSS Score
- Aug 7, 2023 EPSS Score
- Oct 19, 2023 EPSS Score
- Nov 24, 2023 EPSS Score
- Dec 30, 2023 EPSS Score
- Feb 4, 2024 EPSS Score
- Mar 11, 2024 EPSS Score
- May 23, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1614.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1614 advisory
- https://de.tenable.com/security/tns-2023-34 advisory
- https://de.tenable.com/security/tns-2023-23 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2917.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2917 advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2023/11/XRX23-016_FFPSv7-S10_MediaInstall_Nov2023.pdf advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2023/11/XRX23-017_FFPSv7-S11_MediaInstall_Nov2023.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/11/Xerox-Security-Bulletin-XRX23-019-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2023/11/XRX23-021_FFPSv2_Win10_SecurityBulletin_Nov2023.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2023/11/XRX23-022_FFPSv9-S11_MediaInstall_Nov2023.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf advisory
- https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-001-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019796.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HI2RC7AJAHY74Q6MK7GNGWU6TITB22V/ advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794 advisory
- https://www.dell.com/support/kbdoc/000223839/dsa-2024-= advisory
- https://www.dell.com/support/kbdoc/en-us/000209268/dsa-2023-014-dell-poweredge-server-security-update-for-intel-february-2023-security-advisories-2023-1-ipu advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1237.json advisory
…and 58 more