CVE-2023-43744
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2023-43744 is an OS command injection vulnerability that affects Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109. This vulnerability allows an administrator to execute arbitrary OS commands by manipulating the file name parameter in a patch application function. The Zultys MX Administrator client's "Patch Manager" section is where administrators can apply patches to the device. However, the user-supplied filename for the patch file is not properly validated, allowing for the execution of malicious commands through bash command substitution characters. This vulnerability poses a high risk to organizations as it can be exploited remotely without requiring any user interaction. The impact includes high integrity and confidentiality impacts and can potentially lead to compromise and disruption of systems. It is recommended to upgrade to firmware versions 17.0.10 patch 17161 or 16.04 patch 16109 to remediate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions