CVE-2023-41779

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404	Vendor Advisory
https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:zte:zxcloud_irai:*:*:*:*:*:*:*:*

cpe:2.3:a:zte:zxcloud_irai:-:*:*:*:*:*:*:*

History

28 Jan 2025, 15:36

Type	Values Removed	Values Added
CPE	cpe:2.3:o:zte:zxcloud_irai_firmware:::::::: cpe:2.3:h:zte:zxcloud_irai:-:::::::*	cpe:2.3:a:zte:zxcloud_irai:-:::::::* cpe:2.3:a:zte:zxcloud_irai::::::::

Information

Published : 2024-01-03 02:15

Updated : 2025-01-28 15:36

NVD link : CVE-2023-41779

Mitre link : CVE-2023-41779

CVE.ORG link : CVE-2023-41779

JSON object : View

Products Affected

zte

zxcloud_irai

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-863

Incorrect Authorization

{"id": "CVE-2023-41779", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@zte.com.cn", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-01-03T02:15:43.217", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}, {"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1034404", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@zte.com.cn", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed.\n\n\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de acceso ilegal a la memoria del producto ZXCLOUD iRAI de ZTE. Cuando la vulnerabilidad es explotada por un atacante con permiso de usuario com\u00fan, la m\u00e1quina f\u00edsica fallar\u00e1."}], "lastModified": "2025-01-28T15:36:03.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zxcloud_irai:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E5C0A67-F7F1-40F3-BC1A-0F4F67495FB0", "versionEndExcluding": "7.23.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zte:zxcloud_irai:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96352962-7748-44B8-9490-B95202771469"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}