CVE-2023-49897

HIGH

CVSS v3

8.8

HIGH

EPSS Score

33.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

Technical Details

Published
12/6/2023

Frequently Asked Questions

What is CVE-2023-49897?

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

Is CVE-2023-49897 actively exploited?

Active exploitation of CVE-2023-49897 has not been confirmed. The EPSS score is 33.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-49897?

CVE-2023-49897 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2023-49897 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.