阿里云漏洞库

漏洞描述

A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://drive.google.com/file/d/1ehTYhcdeTiB4rQ38n5FqhQZgVqcvvPE_/view?usp=sharing
https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2870
https://vuldb.com/?ctiid.229849
https://vuldb.com/?id.229849

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	entechtaiwan	monitor_asset_manager	2.9	-
	运行在以下环境
	系统	alma_linux_8	tomcat	*		Up to (excluding) 9.0.62-27.el8_9
	运行在以下环境
	系统	alma_linux_9	tomcat	*		Up to (excluding) 9.0.62-37.el9_3
	运行在以下环境
	系统	amazon_2	tomcat	*		Up to (excluding) 7.0.76-10.amzn2.0.3
	运行在以下环境
	系统	amazon_AMI	tomcat8	*		Up to (excluding) 8.5.87-1.92.amzn1
	运行在以下环境
	系统	opensuse_Leap_15.4	tomcat	*		Up to (excluding) 9.0.43-150200.35.1
	运行在以下环境
	系统	opensuse_Leap_15.5	tomcat	*		Up to (excluding) 9.0.75-150200.41.1
	运行在以下环境
	系统	oracle_8	tomcat	*		Up to (excluding) 9.0.62-27.el8_9
	运行在以下环境
	系统	oracle_9	tomcat	*		Up to (excluding) 9.0.62-37.el9_3
	运行在以下环境
	系统	redhat_8	tomcat	*		Up to (excluding) 9.0.62-27.el8_9
	运行在以下环境
	系统	redhat_9	tomcat	*		Up to (excluding) 9.0.62-37.el9_3

攻击路径

本地
攻击复杂度

低
权限要求

低
影响范围

未更改
用户交互

无
可用性

高
保密性

无
完整性

无

CWE-ID	漏洞类型
CWE-404	不恰当的资源关闭或释放

EnTech Monitor Asset Manager IoControlCode 0x80002014 denial of service(CVE-2023-2870)

漏洞描述

解决建议

参考链接

受影响软件情况