CVE-2023-5183
CRITICAL 9.9
Description
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.
CVE Details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 9/27/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
illumio:core_policy_compute_engine
Weaknesses (CWE)
CWE-502
References
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (security@illumio.com)
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.