CVE-2023-5183
CRITICAL 9.9
Description
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.
CVE details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 9/27/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
illumio:core_policy_compute_engine
Weaknesses (CWE)
CWE-502
References
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (security@illumio.com)
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.