CVE-2023-42495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 13, 2023

Updated: Dec 18, 2023

CWE ID 78

Summary

CVE-2023-42495 is a vulnerability affecting Dasan Networks' W-Web versions 1.22-1.27. This issue involves improper neutralization of special elements in OS commands, also known as OS Command Injection. Malicious actors can exploit this vulnerability by injecting malicious code into input fields, potentially leading to unauthorized system access or data theft. Users are advised to update their W-Web software as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sprlgI
https://www.cve.org/CVERecord?id=CVE-2023-42495
https://nvd.nist.gov/vuln/detail/CVE-2023-42495

Back to Vulnerability Database

CVE-2023-42495

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations