CVE-2023-5183
Published: 2023-09-27
Priority: P2 · 61 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.56% (72.2th percentile)
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| illumio | core_pce | 19.3.0 – 19.3.6 | — |
| illumio | core_pce | 21.2.0 – 21.2.7 | — |
| illumio | core_pce | 21.5.0 – 21.5.35 | — |
| illumio | core_pce | 22.2.0 – 22.2.41 | — |
| illumio | core_pce | 22.5.0 – 22.5.30 | — |
| illumio | core_pce | 23.2.0 – 23.2.10 | — |
| illumio | core_policy_compute_engine | < 19.3.7 | 19.3.7 |
| illumio | core_policy_compute_engine | >= 21.2.0 < 21.2.8 | 21.2.8 |
| illumio | core_policy_compute_engine | >= 21.5.0 < 21.5.36 | 21.5.36 |
| illumio | core_policy_compute_engine | >= 22.2.0 < 22.2.42 | 22.2.42 |
| illumio | core_policy_compute_engine | >= 22.5.0 < 22.5.31 | 22.5.31 |
| illumio | core_policy_compute_engine | >= 23.2.0 < 23.2.11 | 23.2.11 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.