{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-49897","assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","state":"PUBLISHED","assignerShortName":"jpcert","dateReserved":"2023-12-01T02:30:49.222Z","datePublished":"2023-12-06T06:49:41.752Z","dateUpdated":"2025-10-21T23:05:29.972Z"},"containers":{"cna":{"affected":[{"vendor":"FXC Inc.","product":"AE1021PE","versions":[{"version":"2.0.9 and earlier","status":"affected"}]},{"vendor":"FXC Inc.","product":"AE1021","versions":[{"version":"2.0.9 and earlier","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product."}],"problemTypes":[{"descriptions":[{"description":"OS command injection","lang":"en","type":"text"}]}],"references":[{"url":"https://www.fxc.jp/news/20231206"},{"url":"https://jvn.jp/en/vu/JVNVU92152057/"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01"},{"url":"https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched"}],"providerMetadata":{"orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert","dateUpdated":"2023-12-22T04:06:04.193Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T22:09:48.211Z"},"title":"CVE Program Container","references":[{"url":"https://www.fxc.jp/news/20231206","tags":["x_transferred"]},{"url":"https://jvn.jp/en/vu/JVNVU92152057/","tags":["x_transferred"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01","tags":["x_transferred"]},{"url":"https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched","tags":["x_transferred"]}]},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-49897","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2023-12-20T05:00:54.981164Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2023-12-21","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-49897"}}}],"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-49897","tags":["government-resource"]}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}],"timeline":[{"time":"2023-12-21T00:00:00.000Z","lang":"en","value":"CVE-2023-49897 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T23:05:29.972Z"}}]}}