CVE-2023-31446

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

92.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

Technical Details

Published
1/10/2024

Frequently Asked Questions

What is CVE-2023-31446?

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

Is CVE-2023-31446 actively exploited?

Active exploitation of CVE-2023-31446 has not been confirmed. The EPSS score is 92.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-31446?

CVE-2023-31446 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2023-31446 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.