cbcvebase.
CVE-2023-22336
published 2023-03-06

CVE-2023-22336: Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially…

PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.10%
61.5th percentile
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.

Affected

3 ranges
VendorProductVersion rangeFixed in
dos-osakarakuraku_pc_cloud_agent<= 2.1.8
dos-osakass1<= 13.0.0.40
dos_co_ltdss1_and_rakuraku_pc_cloud
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.