CVE-2023-45727
Published 2023-10-18
CVE-2023-45727: Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier…
Priority: P183, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA Known Exploited Vulnerability (due 2024-12-24)
Exploited in the wild
EPSS: 3.54% (87.8th percentile)
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| north_grid_corporation | proself_enterprise_standard_edition | — | — |
| north_grid_corporation | proself_gateway_edition | — | — |
| north_grid_corporation | proself_mail_sanitize_edition | — | — |
| northgrid | proself | < 1.09 | 1.09 |
| northgrid | proself | < 1.66 | 1.66 |
| northgrid | proself | < 5.63 | 5.63 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated HTTP requests containing malformed/crafted XML data targeting Proself endpoints, which may indicate XXE exploitation attempts
- Monitor for XXE-characteristic payloads (e.g., DOCTYPE/ENTITY declarations referencing local file paths) in requests to Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier
- Alert on unauthenticated access patterns to Proself services, particularly requests that result in file read operations of account information files on the server
- Vulnerability affects multiple Proself product lines with distinct version thresholds; ensure version checks cover all three affected editions
- Exploitation requires no authentication, meaning perimeter controls blocking unauthenticated users are insufficient; the attack surface is fully externally exposed
- This CVE is listed in CISA KEV with a remediation due date of 2024-12-24, indicating confirmed active exploitation in the wild
CVSS provenance
- nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- vulncheck: 7.5 HIGH
- cisa: 7.5 HIGH
GHSA
GHSA-m745-jcvj-8cx6: Proself Enterprise/Standard Edition Ver5
ghsa_unreviewed·2023-10-18
CVE-2023-45727 [HIGH] CWE-611 GHSA-m745-jcvj-8cx6: Proself Enterprise/Standard Edition Ver5
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
VulnCheck
North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
vulncheck·2023·CVSS 7.5
CVE-2023-45727 [HIGH] CWE-611 North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack.
Affected: North Grid Proself
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor; https://www.trendmicro.com/en_us/research/24/k/lodeinfo-campaign-of-earth-kasha.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2024-12-24
CISA
North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
cisa·2024-12-03·CVSS 7.5
CVE-2023-45727 [HIGH] CWE-611 North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
Vulnerability: North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability
Affected: North Grid Proself
North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://www.proself.jp/information/153/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-45727
Remediation Due Date: 2024-12-24
No detection rules found.
No public exploits indexed.
2023-10-18: Published
2024-12-03: Added to CISA KEV
Exploited in the wild