Vulnerability Details CVE-2023-36670
A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-36670
-
cpe:2.3:h:kratosdefense:ngc_indoor_unit:-
-
cpe:2.3:o:kratosdefense:ngc_indoor_unit_firmware:9.1.0.4