CVE-2023-3373
Summary
| CVE | CVE-2023-3373 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-04 00:15:00 UTC |
| Updated | 2023-08-10 14:59:00 UTC |
| Description | Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. |
Risk And Classification
Problem Types: CWE-330
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Mitsubishielectric | Gs21 | - | All | All | All |
| Operating System | Mitsubishielectric | Gs21 Firmware | All | All | All | All |
| Hardware | Mitsubishielectric | Gt21 | - | All | All | All |
| Operating System | Mitsubishielectric | Gt21 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Mitsubishi Electric GOT2000 and GOT SIMPLE | CISA | MISC | www.cisa.gov | |
| JVNVU#92167394: 三菱電機製GOT2000シリーズおよびGOT SIMPLEシリーズのFTPサーバ機能にデータコネクションを待ち受けるポート番号を容易に推測可能な脆弱性 | MISC | jvn.jp | |
| www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf | MISC | www.mitsubishielectric.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.