Lucene search

STAR_LabsCVE-2023-1713

HistoryNov 01, 2023 - 10:15 a.m.

CVE-2023-1713

2023-11-0110:15:08

CWE-434

STAR_Labs

web.nvd.nist.gov

cve-2023-1713

bitrix24

remote code execution

apache http server

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted “.htaccess” file.

Affected configurations

Nvd

Node

bitrix24bitrix24Match22.0.300

VendorProductVersionCPE
bitrix24bitrix2422.0.300cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bitrix24	bitrix24	22.0.300	cpe:2.3:a:bitrix24:bitrix24:22.0.300:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Bitrix24",
    "programFiles": [
      "file:bitrix/components/bitrix/crm.order.import.instagram.view/class.php"
    ],
    "vendor": "Bitrix24",
    "versions": [
      {
        "lessThanOrEqual": "22.0.300",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

starlabs.sg/advisories/23/23-1713/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

Related for CVE-2023-1713