CVE-2023-5183
CRITICAL 9.9
Description
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.
CVE Details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 9/27/2023
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
illumio:core_policy_compute_engine
Weaknesses (CWE)
CWE-502
References
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (security@illumio.com)
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.