Headline
CVE-2023-22344: Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
Published:2023/03/01 Last Updated:2023/03/01
Overview
SS1 and Rakuraku PC Cloud provided by DOS Co., Ltd. contain multiple vulnerabilities.
Products Affected
- SS1 Ver.13.0.0.40 and earlier
- Rakuraku PC Cloud Agent Ver.2.1.8 and earlier
Description
SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below.
Improper Access Control (CWE-284) - CVE-2023-22335
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5
CVSS v2
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score: 5.0
Path Traversal (CWE-22) - CVE-2023-22336
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score: 5.3
CVSS v2
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score: 5.0
Use of Hard-coded Credentials (CWE-798) - CVE-2023-22344
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score: 5.3
CVSS v2
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score: 5.0
Impact
- A remote attacker may download arbitrary files of the directory where the product runs - CVE-2023-22335
- A remote attacker may upload a specially crafted file to an arbitrary directory - CVE-2023-22336
- A remote attacker may obtain the password of the debug tool and execute it - CVE-2023-22344
When these vulnerabilities are combined, it allows a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
Solution
Update the software
Update software to the latest version according to the information provided by the developer.
The developer states that the patch of Rakuraku PC Cloud Agent is applied automatically when the client is launched.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Denis Faiustov, and Ruslan Sayfiev of GMO Cyber Security by IERAE reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information