CVE-2023-31068
published 2023-09-11
CVE-2023-31068: An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under…
Priority: P263 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.85% (84.9th percentile)
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tsplus | tsplus_remote_work | <= 16.0.0.0 | — |
Detection & IOCs (extracted from sources)
path: C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
- Audit ACLs on the TSplus-RemoteWork www directory tree for 'Everyone:(OI)(CI)(F)' or 'Everyone:(F)' permissions, which indicate the insecure configuration exploitable for privilege escalation.
- Monitor for unexpected writes or modifications to Setup-RemoteWork-Client.exe under the TSplus www\download folder by non-administrative users, as this is a primary trojanization target.
- Alert on file integrity changes to .html and .js files under C:\Program Files (x86)\TSplus-RemoteWork\Clients\www by non-SYSTEM/non-admin accounts, as these are world-writable and can be used to inject malicious code.
- Despite the exploit PoC being tagged CVE-2023-31068, the NVD entry for that CVE number actually describes TSplus Remote Work 16.0.0.0 insecure permissions, the same vulnerability. The NVD page retrieved is for CVE-2023-27133, suggesting a possible mis-mapping; analysts should verify the correct CVE assignment before using this intel in tracking systems.
- The vulnerable version ceiling is 16.0.0.0; installations beyond this version should be independently verified for the same ACL misconfiguration before assuming they are unaffected.
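One way to run the ACL audit from the first detection note, as an added example (not code from the advisory or from TSplus): it scans saved `icacls <dir> /T` output for allow ACEs that grant Everyone Full Control and reports whether each is inherited. The sample ACLs and the helper `icacls_block` are constructed for illustration, and the parser assumes the English principal name `Everyone` and column-aligned continuation lines in the icacls output.

```python
import re

# Matches an "Everyone" ACE at the end of an icacls line, e.g. Everyone:(OI)(CI)(F)
ACE_RE = re.compile(r"(?<![\w\\])Everyone:(?P<flags>(?:\([A-Za-z,]+\))+)\s*$")

def find_everyone_full_control(icacls_text):
    """Return (path, flags, inherited) for each allow ACE giving Everyone (F)."""
    findings, header = [], None
    for line in icacls_text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        if not line[0].isspace():
            header = line  # first line of an object: "<path> <first ACE>"
        m = ACE_RE.search(line)
        if m is None or header is None:
            continue
        tokens = re.findall(r"[A-Za-z]+", m.group("flags"))
        if "F" not in tokens or "DENY" in tokens:
            continue  # not Full Control, or a deny entry
        # Assumption: continuation lines are padded so their ACE starts in the
        # same column as the first ACE, so the path is the header text left of it.
        path = header[: m.start()].rstrip()
        findings.append((path, m.group("flags"), "I" in tokens))
    return findings

def icacls_block(path, aces):
    """Constructed sample: lay out ACEs for one object the way icacls prints them."""
    pad = " " * (len(path) + 1)
    return path + " " + ("\n" + pad).join(aces) + "\n\n"

WWW = r"C:\Program Files (x86)\TSplus-RemoteWork\Clients\www"
SAMPLE = (  # ACL values below are constructed, not captured from a real host
    icacls_block(WWW, ["Everyone:(OI)(CI)(F)", r"NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)"])
    + icacls_block(WWW + r"\download\Setup-RemoteWork-Client.exe",
                   [r"BUILTIN\Administrators:(I)(F)", "Everyone:(I)(F)"])
    + icacls_block(WWW + r"\cgi-bin",
                   [r"BUILTIN\Users:(I)(OI)(CI)(RX)", "Everyone:(I)(RX)"])
    + "Successfully processed 3 files; Failed processing 0 files\n"
)

if __name__ == "__main__":
    for path, flags, inherited in find_everyone_full_control(SAMPLE):
        print(f"{path}: Everyone{flags}", "(inherited)" if inherited else "(explicit)")
```

An explicit (non-inherited) hit marks the directory where the permission is set; inherited hits below it clear once that parent ACE is corrected.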
GHSA
GHSA-m4g4-hvch-vhgf: TSplus Remote Work 16
ghsa_unreviewed·2023-10-17·CVSS 9.8
CVE-2023-27133 [CRITICAL] CWE-276 GHSA-m4g4-hvch-vhgf: TSplus Remote Work 16
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
GHSA
GHSA-gx37-4cw7-q8m8: An issue was discovered in TSplus Remote Access through 16
ghsa_unreviewed·2023-09-11
CVE-2023-31068 [CRITICAL] CWE-276 GHSA-gx37-4cw7-q8m8: An issue was discovered in TSplus Remote Access through 16
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
Published: 2023-09-11