CVE-2023-37569

OS Command Injection Vulnerability in Emagic Data Center Management Suite

CVSS 8.8 HIGHEPSS 24.0%CWE-78

Vexday Risk Score

46Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.8EPSS 24.0%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

08 Aug 2023Public PoC

08 Aug 2023Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

ESDS · Emagic Data Center Management Suite

public PoCs found — 2

cve_referencepacketstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.htmlunverified exploitdbwww.exploit-db.com/exploits/51673unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.html https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226