SB2023112112 - Multiple vulnerabilities in NEC Corporation EXPRESSCLUSTER X and EXPRESSCLUSTER SingleServerSafe

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Missing Authorization (CVE-ID: CVE-2023-39544)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to missing authorization. A remote user can execute arbitrary commands on the system.

2) Files or Directories Accessible to External Parties (CVE-ID: CVE-2023-39545)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to files or directories accessible to external parties. A local user can obtain files containing credentials via HTTP API.

3) Use of Password Hash Instead of Password for Authentication (CVE-ID: CVE-2023-39546)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of password hash instead of password for authentication. A remote attacker can perform a Pass The Hash attack and atempt to log in to the product's WebUI as an administrator.

4) Authentication Bypass by Capture-replay (CVE-ID: CVE-2023-39547)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to authentication bypass by capture-replay. A remote attacker on the local network can gain access to sensitive information such as configuration files.

5) Arbitrary file upload (CVE-ID: CVE-2023-39548)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.

Remediation

Install update from vendor's website.

References

• https://jpn.nec.com/security-info/secinfo/nv23-009_en.html
• https://jvn.jp/en/vu/JVNVU98954968/index.html