CVE-2023-40612

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Aug 23, 2023
Updated: Aug 30, 2023
CWE ID 91

Summary

CVE-2023-40612: OpenNMS Horizon versions prior to 32.0.2 contain a vulnerability in the file editor. This issue allows for XXE injection attacks against the editor, which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges. The vulnerability can be exploited to execute malicious code, potentially leading to security breaches. To mitigate this risk, users should upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. OpenNMS Horizon and Meridian products are intended for private network use and should not be directly accessible from the internet. OpenNMS acknowledges the reporting of this issue by Erik Wynter.
