cbcvebase.
CVE-2023-22523
published 2023-12-06

CVE-2023-22523: This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed…

PriorityP264high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
11.15%
95.4th percentile
This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent.

Affected

57 ranges· showing 25
VendorProductVersion rangeFixed in
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud
atlassianassets_discovery_cloud

Detection & IOCsextracted from sources · hover to see the quote

port51337
  • Monitor for privileged RCE activity originating from or targeting hosts running the Assets Discovery agent (formerly Insight Discovery), as exploitation occurs over the agent communication channel.
  • Alert on unexpected or anomalous traffic on TCP/UDP port 51337, which is the default communication port between the Assets Discovery application and its agents; unauthorized access to this port is the attack vector for CVE-2023-22523.
  • Identify hosts running Assets Discovery agent versions below 3.2.0 (Cloud) or below 6.2.0 (Data Center/Server) as unpatched and vulnerable to exploitation.
  • ·The default agent communication port (51337) should be blocked at the network perimeter as a temporary mitigation if patching cannot be applied immediately; this is Atlassian's official interim workaround.
  • ·Atlassian confirmed none of the four CVEs, including CVE-2023-22523, were observed being exploited in the wild at time of advisory publication — however, the high CVSS score (9.8) and wide corporate deployment of Jira Service Management warrant urgent prioritization.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.