CVE-2023-40582

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 30, 2023

Updated: Sep 5, 2023

CWE ID 78

Summary

CVE-2023-40582 is a vulnerability affecting the find-exec utility, which allows discovering available shell commands. Prior to version 1.0.3, find-exec failed to properly escape user input, making it susceptible to Command Injection attacks. An attacker could exploit this issue by providing malicious shell commands via a controlled parameter. Users are strongly advised to upgrade to version 1.0.3 to mitigate this risk. Alternatively, users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sXgSoV
https://www.cve.org/CVERecord?id=CVE-2023-40582
https://nvd.nist.gov/vuln/detail/CVE-2023-40582

Back to Vulnerability Database

CVE-2023-40582

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations