CVE-2023-22335
Published 2023-03-06
Priority: P3, 48, high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 0.74% (50.0th percentile)
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restrictions and download an arbitrary file from the directory where the product runs. When this vulnerability is exploited together with CVE-2023-22336 and CVE-2023-22344, a remote attacker may be able to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dos-osaka | rakuraku_pc_cloud_agent | <= 2.1.8 | — |
| dos-osaka | ss1 | <= 13.0.0.40 | — |
| dos_co_ltd | ss1_and_rakuraku_pc_cloud | — | — |
GHSA
GHSA-34gr-jxh4-rxfv: Path traversal vulnerability in SS1 Ver
ghsa_unreviewed·2023-03-06·CVSS 7.5
CVE-2023-22336 [HIGH] CWE-22 GHSA-34gr-jxh4-rxfv: Path traversal vulnerability in SS1 Ver
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. When this vulnerability is exploited together with CVE-2023-22335 and CVE-2023-22344, a remote attacker may be able to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
GHSA
GHSA-44rp-5567-c4w9: Improper access control vulnerability in SS1 Ver
ghsa_unreviewed·2023-03-06·CVSS 9.8
CVE-2023-22335 [CRITICAL] CWE-284 GHSA-44rp-5567-c4w9: Improper access control vulnerability in SS1 Ver
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restrictions and download an arbitrary file from the directory where the product runs. When this vulnerability is exploited together with CVE-2023-22336 and CVE-2023-22344, a remote attacker may be able to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
GHSA
GHSA-63wr-jpff-c77r: Use of hard-coded credentials vulnerability in SS1 Ver
ghsa_unreviewed·2023-03-06·CVSS 7.5
CVE-2023-22344 [HIGH] CWE-798 GHSA-63wr-jpff-c77r: Use of hard-coded credentials vulnerability in SS1 Ver
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. When this vulnerability is exploited together with CVE-2023-22335 and CVE-2023-22336, a remote attacker may be able to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.