{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-33374", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-17T15:30:32.383Z", "dateReserved": "2023-05-22T00:00:00", "datePublished": "2023-08-04T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-04T00:00:00"}, "descriptions": [{"lang": "en", "value": "Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.connectedio.com/products/routers"}, {"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:47:05.257Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.connectedio.com/products/routers", "tags": ["x_transferred"]}, {"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-17T15:30:23.597355Z", "id": "CVE-2023-33374", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T15:30:32.383Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.connectedio.com/products/routers", "tags": ["x_transferred"]}, {"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:47:05.257Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-33374", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-17T15:30:23.597355Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T15:30:28.089Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.connectedio.com/products/routers"}, {"url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374"}], "descriptions": [{"lang": "en", "value": "Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-04T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2023-33374", "state": "PUBLISHED", "dateUpdated": "2024-10-17T15:30:32.383Z", "dateReserved": "2023-05-22T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-04T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:connectedio:connected_io:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF690623-7129-4811-9897-90ECE1F8DFDA", "versionEndIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution."}, {"lang": "es", "value": "Connected IO v2.1.0 y anteriores tiene un comando como parte de su protocolo de comunicaci\u00f3n que permite a la plataforma de gesti\u00f3n especificar comandos de SO arbitrarios para que los dispositivos los ejecuten. Los atacantes que abusen de esta peligrosa funcionalidad pueden enviar a todos los dispositivos comandos del sistema operativo para su ejecuci\u00f3n, lo que resulta en la ejecuci\u00f3n remota de comandos arbitrarios.\n"}], "id": "CVE-2023-33374", "lastModified": "2024-11-21T08:05:30.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-04T18:15:12.183", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.connectedio.com/products/routers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-33374"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.connectedio.com/products/routers"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}