CVE-2023-0830

EasyNAS backup.pl system os command injection

CVSS 5.3 MEDIUMEPSS 20.9%CWE-77 CWE-78

Vexday Risk Score

38Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 5.3EPSS 20.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

14 Feb 2023Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

n/a · EasyNAS

public PoCs found — 3

cve_referencegithub.com/xbz0n/CVE-2023-0830★ 1 cve_referencegist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690unverified cve_referencewww.exploit-db.com/exploits/51266unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690 https://github.com/xbz0n/CVE-2023-0830 https://vuldb.com/?ctiid.220950 https://vuldb.com/?id.220950 https://vuldb.com/?submit.86683 https://www.exploit-db.com/exploits/51266