CVE-2023-31446
CRITICALCVSS v3
9.8
CRITICAL
EPSS Score
92.7%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.
Technical Details
- Published
- 1/10/2024
Frequently Asked Questions
What is CVE-2023-31446?
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.
Is CVE-2023-31446 actively exploited?
Active exploitation of CVE-2023-31446 has not been confirmed. The EPSS score is 92.7%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2023-31446?
CVE-2023-31446 has a CVSS v3 base score of 9.8 (CRITICAL severity).
Is CVE-2023-31446 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.