Vulnerability Description
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zultys | Mx-Se Firmware | < 16.0.4 |
| Zultys | Mx-Se | - |
| Zultys | Mx-Se Ii Firmware | < 16.0.4 |
| Zultys | Mx-Se Ii | - |
| Zultys | Mx-E Firmware | < 16.0.4 |
| Zultys | Mx-E | - |
| Zultys | Mx-Virtual Firmware | < 16.0.4 |
| Zultys | Mx-Virtual | - |
| Zultys | Mx250 Firmware | < 16.0.4 |
| Zultys | Mx250 | - |
| Zultys | Mx30 Firmware | < 16.0.4 |
| Zultys | Mx30 | - |
Related Weaknesses (CWE)
References
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.mdThird Party Advisory
- https://mxvirtual.comProduct
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0002.mdThird Party Advisory
- https://mxvirtual.comProduct
FAQ
What is CVE-2023-43743?
CVE-2023-43743 is a vulnerability with a CVSS score of 8.8 (HIGH). A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to...
How severe is CVE-2023-43743?
CVE-2023-43743 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-43743?
Check the references section above for vendor advisories and patch information. Affected products include: Zultys Mx-Se Firmware, Zultys Mx-Se, Zultys Mx-Se Ii Firmware, Zultys Mx-Se Ii, Zultys Mx-E Firmware.