CVE-2023-41349

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*

History

19 Sep 2023, 21:23

Type	Values Removed	Values Added
First Time		Asus rt-ax88u Asus rt-ax88u Firmware Asus
CPE		cpe:2.3:o:asus:rt-ax88u_firmware:::::::: cpe:2.3:h:asus:rt-ax88u:-:::::::*
References	~~(MISC) https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html -~~	(MISC) https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html - Third Party Advisory

18 Sep 2023, 13:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-18 03:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-41349

Mitre link : CVE-2023-41349

CVE.ORG link : CVE-2023-41349

JSON object : View

Products Affected

asus

rt-ax88u_firmware
rt-ax88u

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2023-41349", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-09-18T03:15:08.113", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n"}, {"lang": "es", "value": "El router ASUS RT-AX88U tiene una vulnerabilidad de uso de cadenas de formato controlables externamente dentro de su funci\u00f3n Advanced Open VPN. Un atacante remoto autenticado puede aprovechar la configuraci\u00f3n de OpenVPN exportada para ejecutar un ataque de cadena de formato controlado externamente, lo que resulta en una fuga de informaci\u00f3n sensible o obliga al dispositivo a reiniciarse y a la denegaci\u00f3n de servicio permanente. "}], "lastModified": "2023-09-19T21:23:04.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "478237D3-96B5-45FA-8953-006AA06B5AE8", "versionEndExcluding": "3.0.0.4.388.23748"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "twcert@cert.org.tw"}