CVE-2023-39809

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 21, 2023
Updated: Aug 24, 2023
CWE ID 77

Summary

CVE-2023-39809 is a newly disclosed vulnerability affecting N.V.K.INTER CO., LTD.'s iBSG v3.5. This issue allows an attacker to inject commands through the system_hostname parameter found in /manage/network-basic.php, potentially leading to serious system compromises. Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code and gain elevated privileges, posing a significant risk to impacted systems. Organizations running iBSG v3.5 are urged to apply the necessary patches as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share