Cyber Resilience

CVE-2023-43477

Medium · Public PoC

Published: 20 September 2023

Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 6.8 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2077 (95.7th percentile)
Risk Priority: 26 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-43477 is a medium-severity Command Injection (CWE-77) vulnerability in Telstra Arcadyan Lh1000 Firmware. Its CVSS base score is 6.8 (Medium).

Operationally, it ranks in the top 4.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The vulnerability CVE-2023-43477 is a command injection flaw (CWE-77) in the web UI of the Telstra Smart Modem Gen 2 (Arcadyan LH1000) on firmware versions prior to 0.18.15r. Specifically, the ping_from parameter in ping_tracerte.cgi is not sanitized before being passed to a system call, allowing arbitrary command execution.

An authenticated attacker with high privileges on an adjacent network can supply a malicious ping_from value to achieve command injection as root on the device, resulting in full control over the modem.

The referenced Tenable advisory at https://www.tenable.com/security/research/tra-2023-19 covers the issue in affected firmware. The version information it provides indicates that upgrading to 0.18.15r or later resolves the improper input handling.

The EPSS score remains flat at 0.2077 with no material rise observed.

EU & UK References

Vulnerability details

The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

telstra
arcadyan lh1000 firmware
≤ 0.18.15r

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References