Strix
26.1K

CVE-2023-48310

HIGHCVSS 7.5/10EPSS 1.08%

Last modified

CVE-2023-48310 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.08%

60.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Nc3Testing Platform< 2.1.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-48310?
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Additionally, input for scanning can be any CIDR blocks passed to nmap. An attacker can scan 0.0.0.0/0 or even local networks. Version 2.1.1 contains a patch for this issue.
How severe is CVE-2023-48310?
CVE-2023-48310 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.
How do I fix CVE-2023-48310?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-48310?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST