CVE-2023-0830

EasyNAS backup.pl system os command injection

CVSS 5.3 MEDIUMEPSS 20.9%CWE-77 CWE-78

Vexday Risk Score

38Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 5.3EPSS 20.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

14 feb 2023Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Productos afectados

n/a · EasyNAS

PoCs públicas encontradas — 3

cve_referencegithub.com/xbz0n/CVE-2023-0830★ 1 cve_referencegist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690no verificado cve_referencewww.exploit-db.com/exploits/51266no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690 https://github.com/xbz0n/CVE-2023-0830 https://vuldb.com/?ctiid.220950 https://vuldb.com/?id.220950 https://vuldb.com/?submit.86683 https://www.exploit-db.com/exploits/51266