CVE-2023-40582
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 30, 2023
Updated: Sep 5, 2023
CWE ID 78
Summary
CVE-2023-40582 is a vulnerability affecting the find-exec utility, which allows discovering available shell commands. Prior to version 1.0.3, find-exec failed to properly escape user input, making it susceptible to Command Injection attacks. An attacker could exploit this issue by providing malicious shell commands via a controlled parameter. Users are strongly advised to upgrade to version 1.0.3 to mitigate this risk. Alternatively, users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share