CVE-2023-5183
published 2023-09-27

Priority: P2 (61) | Severity: high | CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.56% (72.2th percentile)

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.

Affected

12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| illumio | core_pce | 19.3.0 – 19.3.6 | |
| illumio | core_pce | 21.2.0 – 21.2.7 | |
| illumio | core_pce | 21.5.0 – 21.5.35 | |
| illumio | core_pce | 22.2.0 – 22.2.41 | |
| illumio | core_pce | 22.5.0 – 22.5.30 | |
| illumio | core_pce | 23.2.0 – 23.2.10 | |
| illumio | core_policy_compute_engine | < 19.3.7 | 19.3.7 |
| illumio | core_policy_compute_engine | >= 21.2.0 < 21.2.8 | 21.2.8 |
| illumio | core_policy_compute_engine | >= 21.5.0 < 21.5.36 | 21.5.36 |
| illumio | core_policy_compute_engine | >= 22.2.0 < 22.2.42 | 22.2.42 |
| illumio | core_policy_compute_engine | >= 22.5.0 < 22.5.31 | 22.5.31 |
| illumio | core_policy_compute_engine | >= 23.2.0 < 23.2.11 | 23.2.11 |