Lucene search
JpcertCVELIST:CVE-2023-22335HistoryMar 05, 2023 - 12:00 a.m.
CVE-2023-22335
2023-03-0500:00:00
jpcert
www.cve.org
improper access control
ss1
rakuraku pc cloud agent
remote attacker
arbitrary file download
arbitrary code execution
system privileges
vulnerability
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
CNA Affected
[
{
"vendor": "DOS Co., Ltd.",
"product": "SS1 and Rakuraku PC Cloud",
"versions": [
{
"version": "SS1 Ver.13.0.0.40 and earlier, and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier",
"status": "affected"
}
]
}
]Related
cve
cve
prion
prion
Improper access control
2023-03-06 00:15:00
Path traversal
2023-03-06 00:15:00
Hardcoded credentials
2023-03-06 00:15:00
nvd
nvd
jvn
jvn
JVN#57224029: Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
2023-03-01 00:00:00
cvelist
cvelist
CVE-2023-22336
2023-03-05 00:00:00
CVE-2023-22344
2023-03-05 00:00:00