CVE-2023-48249
CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to steal session cookies of other active users.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Rexroth · Nexo cordless nutrunner NXA011S-36V (0608842011)Rexroth · Nexo cordless nutrunner NXA011S-36V-B (0608842012)Rexroth · Nexo cordless nutrunner NXA015S-36V (0608842001)Rexroth · Nexo cordless nutrunner NXA015S-36V-B (0608842006)Rexroth · Nexo cordless nutrunner NXA030S-36V (0608842002)Rexroth · Nexo cordless nutrunner NXA030S-36V-B (0608842007)Rexroth · Nexo cordless nutrunner NXA050S-36V (0608842003)Rexroth · Nexo cordless nutrunner NXA050S-36V-B (0608842008)Rexroth · Nexo cordless nutrunner NXA065S-36V (0608842013)Rexroth · Nexo cordless nutrunner NXA065S-36V-B (0608842014)Rexroth · Nexo cordless nutrunner NXP012QD-36V (0608842005)Rexroth · Nexo cordless nutrunner NXP012QD-36V-B (0608842010)Rexroth · Nexo cordless nutrunner NXV012T-36V (0608842015)Rexroth · Nexo cordless nutrunner NXV012T-36V-B (0608842016)Rexroth · Nexo special cordless nutrunner (0608PE2272)Rexroth · Nexo special cordless nutrunner (0608PE2301)Rexroth · Nexo special cordless nutrunner (0608PE2514)Rexroth · Nexo special cordless nutrunner (0608PE2515)Rexroth · Nexo special cordless nutrunner (0608PE2666)Rexroth · Nexo special cordless nutrunner (0608PE2673)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →