CVE-2023-41331

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 12, 2023
Updated: Sep 15, 2023
CWE ID 917

Summary

CVE-2023-41331 is a vulnerability in the SOFARPC Java RPC framework. Versions prior to 5.11.0 are affected by this vulnerability, which allows for remote command execution. An attacker can exploit this vulnerability by injecting JNDI or executing system commands through a carefully crafted payload. The default configuration of the SOFARPC framework includes a blacklist to filter out dangerous classes during deserialization, but it is not comprehensive. This leaves room for actors to exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. The recommended remediation is to update to version 5.11.0, which contains a fix for this issue. As a temporary workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist. The vulnerability poses a high risk to organizations as it allows attackers to execute arbitrary commands on vulnerable systems, compromising the integrity and confidentiality of data.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-41331 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options