Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-47246

Published: 10/11/2023 Updated: 13/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Sysaid On-premises

Vulnerability Summary

In SysAid On-Premise prior to 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sysaid sysaid on-premises

Vendor Advisories

McAfee Security Bulletin: Trellix Insights
Properties Threat Severity Medium ...
McAfee Security Bulletin: Trellix Insights
Properties Threat Severity Medium ...
McAfee Security Bulletin: Trellix Insights
Properties Threat Severity Medium ...
McAfee Security Bulletin: Trellix Insights
Properties Threat Severity Medium ...
McAfee Security Bulletin: Trellix Insights
Properties Threat Severity Medium ...
McAfee Security Bulletin: Trellix Insights
Properties Threat Severity Medium ...
McAfee Security Bulletin: Trellix Insights
Properties Threat Severity Medium ...

Github Repositories

https://github.com/tucommenceapousser/CVE-2023-47246

Vulnerability details Clone on replit: fofa: body="sysaid-logo-dark-greenpng" || title="SysAid Help Desk Software" || body="Help Desk software <a href=\"wwwsysaidcom\">by SysAid</a>" shodan httpfaviconhash:1540720428

https://github.com/W01fh4cker/CVE-2023-47246-EXP

exploit for cve-2023-47246 SysAid RCE (shell upload)

Vulnerability Details fofa: body="sysaid-logo-dark-greenpng" || title="SysAid Help Desk Software" || body="Help Desk software <a href=\"wwwsysaidcom\">by SysAid</a>" Affected versions: SysAid Server<23336 Vulnerability Recurrence Execute the scr

Recent Articles

MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate

The cybercriminals behind the rampant MOVEit exploits from earlier this year are making use a zero-day vulnerability in on-prem instances of IT service and help desk software-slinger SysAid. Believed to be an affiliate of the Cl0p ransomware gang and tracked by Microsoft as Lace Tempest, the crew were able to execute PowerShell scripts and deploy malware by unearthing and abusing a novel zero-day in the IT service desk software. Microsoft's Threat Intelligence discovered the exploits, which only...

Read more...

References

CWE-22https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notificationhttps://documentation.sysaid.com/docs/latest-version-installation-fileshttps://nvd.nist.govhttps://www.theregister.co.uk/2023/11/09/moveit_cybercriminals_behind_latest_sysaid/https://github.com/W01fh4cker/CVE-2023-47246-EXPhttps://www.trellix.com/advanced-research-center/insights-preview/#threat-profile--lummac2-stealer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook