cbcvebase.
CVE-2023-22335
published 2023-03-06

CVE-2023-22335: Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass…

PriorityP348high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.74%
50.0th percentile
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.

Affected

3 ranges
VendorProductVersion rangeFixed in
dos-osakarakuraku_pc_cloud_agent<= 2.1.8
dos-osakass1<= 13.0.0.40
dos_co_ltdss1_and_rakuraku_pc_cloud
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.