exploitDog

CVE-2023-43176

Опубликовано: 03 окт. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.

Ссылки

http://afterlogic.com
Product
http://aurora.com
Broken Link
Not Applicable
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H&version=3.1
Third Party Advisory
US Government Resource
VDB Entry
https://sec.leonardini.dev/blog/cve-2023-43176-rce_aurora_files/
Exploit
Patch
Third Party Advisory
http://afterlogic.com
Product
http://aurora.com
Broken Link
Not Applicable
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H&version=3.1
Third Party Advisory
US Government Resource
VDB Entry
https://sec.leonardini.dev/blog/cve-2023-43176-rce_aurora_files/
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:afterlogic:aurora_files:9.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00225

Низкий

8.8 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-fg54-49f9-xp8r

CVSS3: 8.8

github

больше 2 лет назад

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.

EPSS

Процентиль: 45%

0.00225

Низкий

8.8 High

CVSS3

Дефекты

CWE-502