CVE-2023-39547

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-39547
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jpn.nec.com/security-info/secinfo/nv23-009_en.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*
History

24 Nov 2023, 17:56

Type Values Removed Values Added
First Time Nec
Nec expresscluster X
Nec expresscluster X Singleserversafe
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:3.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:3.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.3:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.2:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:4.3:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:5.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:1.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:4.1:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:3.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:2.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:3.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:2.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x:5.0:*:*:*:*:linux:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:1.0:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x:4.2:*:*:*:*:windows:*:*
cpe:2.3:a:nec:expresscluster_x_singleserversafe:2.1:*:*:*:*:linux:*:*
References () https://jpn.nec.com/security-info/secinfo/nv23-009_en.html - () https://jpn.nec.com/security-info/secinfo/nv23-009_en.html - Patch, Third Party Advisory
CWE CWE-294

24 Nov 2023, 12:15

Type Values Removed Values Added
Summary CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allows a attacker to log in to the product may execute an arbitrary command. CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.

17 Nov 2023, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-17 06:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-39547

Mitre link : CVE-2023-39547

CVE.ORG link : CVE-2023-39547

JSON object : View

Products Affected

nec

  • expresscluster_x
  • expresscluster_x_singleserversafe
CWE
CWE-294

Authentication Bypass by Capture-replay