Lucene search
JpcertCVELIST:CVE-2023-22336HistoryMar 05, 2023 - 12:00 a.m.
CVE-2023-22336
2023-03-0500:00:00
jpcert
www.cve.org
path traversal
remote attacker
arbitrary code
ss1 ver.13.0.0.40
rakuraku pc cloud agent ver.2.1.8
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
CNA Affected
[
{
"vendor": "DOS Co., Ltd.",
"product": "SS1 and Rakuraku PC Cloud",
"versions": [
{
"version": "SS1 Ver.13.0.0.40 and earlier, and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier",
"status": "affected"
}
]
}
]Related
cve
cve
cvelist
cvelist
CVE-2023-22335
2023-03-05 00:00:00
CVE-2023-22344
2023-03-05 00:00:00
jvn
jvn
JVN#57224029: Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
2023-03-01 00:00:00
prion
prion
Improper access control
2023-03-06 00:15:00
Path traversal
2023-03-06 00:15:00
Hardcoded credentials
2023-03-06 00:15:00
nvd
nvd