Deserialization of untrusted data

2023-09-2715:19:00

PRIOn knowledge base

www.prio-n.com

deserialization

untrusted data

arbitrary code execution

illumio pce

authentication

api endpoint

vulnerability

0.001 Low

EPSS

Percentile

20.3%

JSON

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.

CPENameOperatorVersion
core_policy_compute_enginelt19.3.7
core_policy_compute_enginege21.2.0
core_policy_compute_enginelt21.2.8
core_policy_compute_enginege21.5.0
core_policy_compute_enginelt21.5.36
core_policy_compute_enginege22.2.0
core_policy_compute_enginelt22.2.42
core_policy_compute_enginege22.5.0
core_policy_compute_enginelt22.5.31
core_policy_compute_enginege23.2.0

Name	Operator	Version
core_policy_compute_engine	lt	19.3.7
core_policy_compute_engine	ge	21.2.0
core_policy_compute_engine	lt	21.2.8
core_policy_compute_engine	ge	21.5.0
core_policy_compute_engine	lt	21.5.36
core_policy_compute_engine	ge	22.2.0
core_policy_compute_engine	lt	22.2.42
core_policy_compute_engine	ge	22.5.0
core_policy_compute_engine	lt	22.5.31
core_policy_compute_engine	ge	23.2.0

Rows per page:

1-10 of 111

References

docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for PRION:CVE-2023-5183