Aggregates CVE and security vulnerability intelligence across all zultys-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk sql injection and vendor risk command injection; exposure may include vendor impact data exposure in vendor surface software deployment and vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-43744 | An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without valid | [email protected] | 7.2 | 0.19% | 2023-12-08 | 2024-11-21 |
| CVE-2023-43743 | A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. | [email protected] | 8.8 | 0.09% | 2023-12-08 | 2025-05-27 |
| CVE-2023-43742 | An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication f | [email protected] | 9.8 | 0.09% | 2023-12-08 | 2024-11-21 |