CVE-2023-3991

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 16, 2023
Updated: Oct 20, 2023
CWE ID 338

Summary

CVE-2023-3991 is an OS command injection vulnerability in the iperfrun.cgi functionality of FreshTomato 2023.3. An attacker can execute arbitrary commands by sending a specially crafted HTTP request. Successful exploitation can result in unauthorized access, data theft, or system damage. FreshTomato users are strongly advised to update to a version that addresses this issue. To mitigate the risk, administrators should restrict network access to the affected component or configure a web application firewall to block suspicious HTTP requests. The vulnerability poses a serious threat to organizations and individuals who have not applied the necessary security patches, so it is crucial to apply the latest updates and follow best practices for secure web application management to minimize the risk of exploitation.
