CVE-2023-1731
published 2023-04-24CVE-2023-1731: In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote…
PriorityP346high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.97%
57.5th percentile
In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| meinberg | ltos | >= 0.0.0 < 7.06.013 | 7.06.013 |
| meinbergglobal | lantime_firmware | < 7.06.013 | 7.06.013 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability
blogs_talos·2023-03-30·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability
## Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability
Keane O’Kelley of Cisco ASIG discovered this vulnerability.
Cisco ASIG recently discovered a remote code execution vulnerability in the SNIProxy open-source tool that occurs when the user utilizes wildcard backend hosts.
SNIProxy proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session. This open-source tool allows for users to carry out name-based proxying of HTTPS without decrypting traffic or needing a key or certificate.
Talos discovered a remote code execution vulnerability ( TALOS-2023-1731 /CVE-2023-25076) that exists if the user is utilizing wildcard backend hosts when configuring SNIProxy. An attacker could exploit this vulnerability by s
Talos
Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability
blogs_talos·2023-03-30·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability
Keane O’Kelley of Cisco ASIG discovered this vulnerability.
Cisco ASIG recently discovered a remote code execution vulnerability in the SNIProxy open-source tool that occurs when the user utilizes wildcard backend hosts.
SNIProxy proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session. This open-source tool allows for users to carry out name-based proxying of HTTPS without decrypting traffic or needing a key or certificate.
Talos discovered a remote code execution vulnerability (TALOS-2023-1731/CVE-2023-25076) that exists if the user is utilizing wildcard backend hosts when configuring SNIProxy. An attacker could exploit this vulnerability by sending a specially crafted HTTP or TLS packet to the target machine, potentially caus
2023-04-24
Published