CVE-2023-22855

CVSS 9.8 (Critical) · EPSS 14.8% · CWE-94
Vexday Risk Score: 53 (Attention)
SSVC decision (CISA): Attend (PoC available → attend closely)
CVSS 9.8 · EPSS 14.8% · KEV: no · PoC: public · Nuclei · Metasploit · Patch
Lifecycle
15 Feb 2023: Published on NVD
11 Oct 2023: Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products: n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.