CVE-2023-24243
published 2023-06-16

CVE-2023-24243: CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).

Priority: P3 (53), severity high; CVSS 3.1 base score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: public PoC / Nuclei template available
EPSS: 4.00% (89.2th percentile)

Affected

1 range
Vendor: cdata
Product: arc
Version range: < 22.0.8473
Fixed in: 22.0.8473

Detection & IOCs (extracted from sources)

url: {{BaseURL}}/%255c%255c{{interactsh-url}}%255cC$%255cbb
other: http.favicon.hash:163538942
other: icon_hash="163538942"
  • The SSRF exploit path uses double URL-encoded backslashes (%255c%255c) to trigger a UNC-style path traversal to an attacker-controlled host; detect outbound SMB/DNS callbacks from the server that follow requests matching this pattern.
  • Successful exploitation results in an HTTP 404 response from the target while a DNS interaction is observed on the attacker-controlled interactsh server; correlate 404 responses on this path with out-of-band DNS callbacks.
  • Exposed CData ARC/RSB Connect instances can be identified with the Shodan favicon hash 163538942 or the FOFA icon_hash query; treat such queries as a pre-exploitation reconnaissance indicator.
  • The Nuclei template requires an active interactsh (out-of-band) server to confirm exploitation; DNS callback detection is the primary confirmation mechanism, so purely passive or inline detection will not catch this SSRF without OOB infrastructure.
  • The vulnerability specifically affects CData RSB Connect v22.0.8336; the CPE wildcard in the template (cpe:2.3:a:cdata:arc:*) means version-agnostic scanning may produce false positives on patched versions.