9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.953 High
EPSS
Percentile
99.4%
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Recent assessments:
cbeek-r7 at November 09, 2023 2:50pm UTC reported:
On November 8, 2023, SysAid, an IT service management company, revealed a zero-day path traversal vulnerability, CVE-2023-47426, impacting on-premise SysAid servers. Microsoftβs threat intelligence team, the discoverers of this vulnerability, reported its exploitation in the wild by DEV-0950 (Lace Tempest) through βlimited attacks.β
Microsoft, in a social media thread on the evening of November 8, underscored that Lace Tempest is associated with the distribution of Cl0p ransomware and highlighted the likelihood of ransomware deployment and/or data exfiltration when exploiting CVE-2023-47246. Itβs worth noting that Lace Tempest was also responsible for the MOVEit Transfer and GoAnywhere MFT extortion attacks earlier this year.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47246
documentation.sysaid.com/docs/latest-version-installation-files
documentation.sysaid.com/docs/on-premise-security-enhancements-2023
github.com/W01fh4cker/CVE-2023-47246-EXP
www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.953 High
EPSS
Percentile
99.4%