{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-43848","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-02-13T15:46:53.157Z","datePublished":"2024-05-28T18:19:09.807Z","dateReserved":"2023-09-25T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2024-05-28T18:19:10.117Z"},"descriptions":[{"lang":"en","value":"Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://github.com/setersora/pe6208"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:52:11.892Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/setersora/pe6208","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"CWE-284 Improper Access Control"}]}],"affected":[{"vendor":"aten","product":"pe6208_firmware","cpes":["cpe:2.3:o:aten:pe6208_firmware:2.3.228:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2.3.228","status":"affected"}]},{"vendor":"aten","product":"pe6208_firmware","cpes":["cpe:2.3:o:aten:pe6208_firmware:2.4.232:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2.4.232","status":"affected"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8,"attackVector":"ADJACENT_NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-08-20T14:52:52.893301Z","id":"CVE-2023-43848","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-20T14:55:32.873Z"}}]},"dataVersion":"5.1"}