CVE-2023-38125 - Vulnerability Details - OpenCVE

Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.zerodayinitiative.com/advisories/ZDI-23-1059/

History

No history.

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T01:59:21.322Z

Updated: 2024-08-02T17:30:14.042Z

Reserved: 2023-07-12T15:22:20.623Z

Link: CVE-2023-38125

Vulnrichment

Updated: 2024-08-02T17:30:14.042Z

NVD

Status : Awaiting Analysis

Published: 2024-05-03T03:15:10.240

Modified: 2024-11-21T08:12:54.710

Link: CVE-2023-38125

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38125", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2023-07-12T15:22:20.623Z", "datePublished": "2024-05-03T01:59:21.322Z", "dateUpdated": "2024-08-02T17:30:14.042Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T01:59:21.322Z"}, "title": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability", "descriptions": [{"lang": "en", "value": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542."}], "affected": [{"vendor": "Softing", "product": "edgeAggregator", "versions": [{"version": "3.40", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-942", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/", "name": "ZDI-23-1059", "tags": ["x_research-advisory"]}], "dateAssigned": "2023-07-12T10:35:25.020-05:00", "datePublic": "2023-08-09T13:04:22.098-05:00", "source": {"lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T19:26:57.744725Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*"], "vendor": "softing", "product": "edgeaggregator", "versions": [{"status": "affected", "version": "3.40"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:05.381Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:14.042Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/", "name": "ZDI-23-1059", "tags": ["x_research-advisory", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/", "name": "ZDI-23-1059", "tags": ["x_research-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:14.042Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-07T19:26:57.744725Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:softing:edgeaggregator:*:*:*:*:*:*:*:*"], "vendor": "softing", "product": "edgeaggregator", "versions": [{"status": "affected", "version": "3.40"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-07T19:26:34.157Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability", "source": {"lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Softing", "product": "edgeAggregator", "versions": [{"status": "affected", "version": "3.40"}], "defaultStatus": "unknown"}], "datePublic": "2023-08-09T13:04:22.098-05:00", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/", "name": "ZDI-23-1059", "tags": ["x_research-advisory"]}], "dateAssigned": "2023-07-12T10:35:25.020-05:00", "descriptions": [{"lang": "en", "value": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-942", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2024-05-03T01:59:21.322Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38125", "state": "PUBLISHED", "dateUpdated": "2024-08-02T17:30:14.042Z", "dateReserved": "2023-07-12T15:22:20.623Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2024-05-03T01:59:21.322Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542."}, {"lang": "es", "value": "Softing edgeAggregator pol\u00edtica permisiva entre dominios con vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en dominios que no son de confianza. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Softing edgeAggregator. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en la configuraci\u00f3n del servidor web. El problema se debe a la falta de encabezados de Pol\u00edtica de seguridad de contenido adecuados. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo en el contexto ra\u00edz. Era ZDI-CAN-20542."}], "id": "CVE-2023-38125", "lastModified": "2024-11-21T08:12:54.710", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2024-05-03T03:15:10.240", "references": [{"source": "zdi-disclosures@trendmicro.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1059/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-942"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}