Effective URL: https://www.coresecurity.com/core-labs/articles/core-impact-monthly-chronicle-exploits-and-updates-nov-2023
CORE IMPACT MONTHLY CHRONICLE: EXPLOITS AND UPDATES | NOV 2023

One of Core Impact’s most valuable features is its certified exploit library.
Fortra’s Core Security has a team of expert exploit writers that conduct
research, evaluating and prioritizing the most relevant vulnerabilities in order
to update the library with critical and useful exploits. Additionally, the QA
team builds its own clean environment to validate each exploit before release,
ensuring that it meets our standards and is safe and ready to use.

While you can keep track of new releases through our exploit mailing list,
here’s a more detailed summary of some of the most recent additions to the
library.


CVE-2023-47246 - SYSAID ON-PREM USERENTRY ACCOUNTID PATH TRAVERSAL RCE EXPLOIT

Authors: Marcos Accossatto and Luis García Sierra (QA)

CVSS: 9.8 CRITICAL

Reference: CVE-2023-47246

A path traversal vulnerability was found in SysAid On-Premise before 23.3.36
that leads to code execution after an attacker writes a file to the Tomcat
webroot.

This vulnerability has multiple instances of being exploited in the wild.

This exploit enables a pen tester to simulate an unauthenticated attacker who
uploads a WAR archive containing a WebShell and other payloads into the webroot
of the SysAid Tomcat web service, leading to the deployment of an implant and
compromise of the machine.


CVE-2023-36802 - MICROSOFT STREAMING SERVICE ELEVATION OF PRIVILEGE
VULNERABILITY EXPLOIT

Authors: Cristian Rubio and Luis García Sierra (QA)

CVSS: 7.8 HIGH

Reference: CVE-2023-36802

A vulnerability was found in the Windows Streaming service, which runs as
SYSTEM, that can be exploited by local users to gain elevated privileges on
the Windows operating system.

This vulnerability has multiple instances of being exploited in the wild.

This exploit takes advantage of this recent Microsoft vulnerability in the
streaming service within the Windows kernel. It can be used to simulate an
attacker who uses this vulnerability to escalate privileges, gaining access to
sensitive data or pivoting to eventually achieve full system control.


CVE-2023-22518 - ATLASSIAN CONFLUENCE SETUP-RESTORE IMPROPER AUTH RCE EXPLOIT

Authors: Marcos Accossatto and Nahuel González (QA)

CVSS: 10.0 CRITICAL

Reference: CVE-2023-22518

A vulnerability was found in Confluence, a knowledge management tool from
Atlassian. This improper authorization vulnerability can be exploited by an
unauthenticated attacker to reset an instance of Confluence and create an admin
account.

This vulnerability has multiple instances of being exploited in the wild. For
example, Cerber ransomware has employed it in its process, exploiting it in
order to escalate privileges.

This exploit uses an improper authorization vulnerability in Atlassian
Confluence to replace the database contents and create a new admin user in the
target system. The created admin account is then used to upload a Servlet plugin
JAR file to deploy an agent. The deployed agent will run with the same
privileges as the Confluence instance.

Because exploiting this vulnerability resets the application configuration, we
also released a checker that confirms the vulnerability without altering the
configuration.


CVE-2023-46747 - F5 BIG-IP CONFIGURATION UTILITY AUTHENTICATION BYPASS
ESCALATION EXPLOIT

Authors: Marcos Accossatto and Nahuel González (QA)

CVSS: 10.0 CRITICAL

Reference: CVE-2023-46747

BIG-IP is a portfolio of products from F5 that focus on application security,
delivery, and performance. A request smuggling vulnerability was discovered in
the configuration utility component that enables an attacker with network access
to create an administrative user and execute arbitrary system commands.

This vulnerability has multiple instances of being exploited in the wild and has
been added to CISA’s Known Exploited Vulnerabilities Catalog.


CVE-2023-20198 - CISCO IOS XE WMSA ENCODING BYPASS EXPLOIT

Authors: Marcos Accossatto and Nahuel González (QA)

CVSS: 10.0 CRITICAL

Reference: CVE-2023-20198

Cisco IOS XE, a network operating system, was discovered to have a remote code
execution vulnerability in its web user interface. An unauthenticated remote
attacker exploiting this vulnerability could create an account with maximum
privilege (level 15) access.

Since this is a zero-day vulnerability, it had already been exploited in the
wild prior to discovery. In fact, over 40,000 devices were found to have been
compromised shortly after its discovery.

Using this module, a pen tester can connect to the remote host, which the module
probes with specially crafted requests to determine whether it is vulnerable. If
the target is found to be vulnerable, the module creates a new local
administrator user on the target system using the provided credentials.

Meet the Author


PABLO ZURRO

Cybersecurity Product Manager
Core Security, by Fortra