{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-45591", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2023-10-09T08:26:54.316Z", "datePublished": "2024-03-05T11:19:46.198Z", "dateUpdated": "2024-08-23T20:21:11.411Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "imx6 bundle", "vendor": "AiLux", "versions": [{"lessThan": "1.0.7-2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the \u201clogger_generic\u201d function of the \u201cAx_rtu\u201d binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."}], "value": "A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the \u201clogger_generic\u201d function of the \u201cAx_rtu\u201d binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."}], "impacts": [{"capecId": "CAPEC-92", "descriptions": [{"lang": "en", "value": "CAPEC-92 Forced Integer Overflow"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-03-05T11:19:46.198Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:21:16.748Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "ailux", "product": "imx6_bundle", "cpes": ["cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.7-2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-05T19:21:33.401224Z", "id": "CVE-2023-45591", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T20:21:11.411Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:21:16.748Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45591", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-05T19:21:33.401224Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:*"], "vendor": "ailux", "product": "imx6_bundle", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.7-2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T20:21:07.766Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."}], "impacts": [{"capecId": "CAPEC-92", "descriptions": [{"lang": "en", "value": "CAPEC-92 Forced Integer Overflow"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AiLux", "product": "imx6 bundle", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.7-2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the \u201clogger_generic\u201d function of the \u201cAx_rtu\u201d binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.", "supportingMedia": [{"type": "text/html", "value": "A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the \u201clogger_generic\u201d function of the \u201cAx_rtu\u201d binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-03-05T11:19:46.198Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45591", "state": "PUBLISHED", "dateUpdated": "2024-08-23T20:21:11.411Z", "dateReserved": "2023-10-09T08:26:54.316Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2024-03-05T11:19:46.198Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ailux:imx6:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AC8BA0D-1588-4072-8BEA-464B1E76AF80", "versionEndExcluding": "1.0.7-2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the \u201clogger_generic\u201d function of the \u201cAx_rtu\u201d binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."}, {"lang": "es", "value": "Una vulnerabilidad CWE-122 de \u201cdesbordamiento de b\u00fafer de almacenamiento din\u00e1mico\u201d en la funci\u00f3n \u201clogger_generic\u201d del binario \u201cAx_rtu\u201d permite que un atacante remoto autenticado desencadene una corrupci\u00f3n de memoria en el contexto del binario. Esto puede resultar en una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS), posiblemente en la ejecuci\u00f3n de c\u00f3digo arbitrario con los mismos privilegios del proceso (ra\u00edz), o tener otros impactos no especificados en el dispositivo. Este problema afecta: Paquete AiLux imx6 inferior a la versi\u00f3n imx6_1.0.7-2."}], "id": "CVE-2023-45591", "lastModified": "2025-04-10T20:35:32.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "prodsec@nozominetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-05T12:15:45.833", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}