CVE-2023-1731

Summary

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
MeinbergLTOS0.0.0 < 7.06.013affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References