CVE-2023-5607

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 22

Summary

CVE-2023-5607 is a path traversal vulnerability affecting the TACC ePO extension in on-premises ePO servers before version 8.4.0. This issue allows an authorized attacker, who has access to the relevant section of the User Interface, to execute arbitrary code by uploading a specially crafted GTI reputation file. The vulnerability arises from an improper limitation of a path name to a restricted directory, and it has been addressed by updating the import logic to restrict file types and content.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tChMJb
https://www.cve.org/CVERecord?id=CVE-2023-5607
https://nvd.nist.gov/vuln/detail/CVE-2023-5607

Back to Vulnerability Database

CVE-2023-5607

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations