CVE-2023-28390

Summary

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.

Affected Software

VendorProductVersion RangeStatus
ICOM INCORPORATEDSR-7100VNSR-7100VN firmware Ver.1.38(N) and earlier, and SR-7100VN #31 firmware Ver.1.21 and earlieraffected

Weaknesses

  • Privilege escalation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References