CVE-2023-6950

{"id": "CVE-2023-6950", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.5}]}, "published": "2024-04-02T11:15:51.243", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6950/", "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself."}, {"lang": "es", "value": "** EN DISPUTA ** Una vulnerabilidad de validaci\u00f3n de entrada incorrecta que afecta el servicio FTP que se ejecuta en el DJI Mavic Mini 3 Pro podr\u00eda permitir a un atacante crear un paquete malicioso que contenga una ruta mal formada proporcionada el comando FTP TAMA\u00d1O que conduce a un ataque de denegaci\u00f3n de servicio del propio servicio FTP."}], "lastModified": "2024-05-17T02:34:01.863", "sourceIdentifier": "prodsec@nozominetworks.com"}