Rewterz Threat Advisory – ICS: Multiple Rockwell Automation ThinManager Vulnerabilities
March 24, 2023Rewterz Threat Advisory -CVE-2023-28685 – Jenkins AbsInt a3 Plugin Vulnerability
March 24, 2023Rewterz Threat Advisory – ICS: Multiple Rockwell Automation ThinManager Vulnerabilities
March 24, 2023Rewterz Threat Advisory -CVE-2023-28685 – Jenkins AbsInt a3 Plugin Vulnerability
March 24, 2023Severity
High
Analysis Summary
CVE-2023-20097 CVSS:4.6
Cisco Access Point Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper input validation of commands. By sending a command with specially crafted arguments, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges on the system.
CVE-2023-20056 CVSS:6.5
Cisco Access Point Software is vulnerable to a denial of service, caused by improper input validation of commands supplied by the user. By sending a specially crafted command, a local authenticated attacker could exploit this vulnerability to cause the device to reload spontaneously, and results in a denial of service condition.
CVE-2023-20112 CVSS:7.4
Cisco Access Point Software is vulnerable to a denial of service, caused by improper validation of certain parameters within 802.11 frames. By sending specially crafted parameters, a remote attacker could exploit this vulnerability to cause an unexpected reload, and results in a denial of service condition.
Impact
- Command Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-48311
Affected Vendors
Cisco
Affected Products
- Cisco Aironet 1540 Series APs
- Cisco Aironet 1560 Series APs
- Cisco Aironet 1800 Series APs
- Cisco Aironet 2800 Series APs
- Cisco Catalyst 9100 APs
- Cisco Business 150 APs
- Cisco Business 151 Mesh Extenders
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.