CVE-2023-49897
high-risk
Published 2023-12-06
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
Do I need to act?
!
24.0% chance of exploitation in next 30 days
EPSS score — higher than 76% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (2)
Affected Vendors
References (9)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU92152057/
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01
Release Notes
https://www.fxc.jp/news/20231206
Third Party Advisory
https://jvn.jp/en/vu/JVNVU92152057/
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01
Release Notes
https://www.fxc.jp/news/20231206
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...
58
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
21/34 · High
Exposure
7/34 · Low