Vulnerability Description
Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Connectedio | Connected Io | <= 2.1.0 |
Related Weaknesses (CWE)
References
- https://claroty.com/team82/disclosure-dashboard/cve-2023-33374Third Party Advisory
- https://www.connectedio.com/products/routersProduct
- https://claroty.com/team82/disclosure-dashboard/cve-2023-33374Third Party Advisory
- https://www.connectedio.com/products/routersProduct
FAQ
What is CVE-2023-33374?
CVE-2023-33374 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dange...
How severe is CVE-2023-33374?
CVE-2023-33374 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-33374?
Check the references section above for vendor advisories and patch information. Affected products include: Connectedio Connected Io.