Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-39854: CVE-2023-39854

The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.

CVE
#vulnerability#web#google#ssrf#auth

1 minute read

CVE-2023-39854****Summary

The web interface of ATX Ucrypt (v3.5 and older) is vulnerable to a Server Side Request Forgery (SSRF) and Local File Inclusion (LFI) vulnerability, allowing authenticated users (or attackers using default credentials for the admin, master or user account) to access remote hosts and system files.

Version Impacted

ATX Ucrypt v3.5 and older

Vulnerability Details

An authenticated user, or an attacker using the default credentials for the admin, master or user account, can access remote web endpoints or local system files using the following URIs :

/hydra/view/get_cc_url?board_id=2&url=file%3A%2F%2F%2Fetc%2Fpasswd
/hydra/view/get_cc_url?board_id=1&url=https%3A%2F%2Fgoogle.com%3A443%2F

An example of a vulnerable host :

Recommended Mitigations

Multiple attempts had been made to responsibly disclose the issue to the vendor to address the root cause of this vulnerability, but no response was received.

Users are advised to audit all users of their deployment and ensure that they have rotated the default credentials for the admin, master and user accounts that this service has baked in.

Disclosure Timeline

Jul 18, 2023

First attempt made to contact ATX Networks on their marketing and security email.

Aug 15, 2023

Second attempt made to contact ATX Networks on their marketing and security email.

Aug 19, 2023

Case opened with CERT Coordination Center (CERT/CC) to assist with responsible disclosure.

Aug 21, 2023

CERT/CC’s time window to responsible disclosure begins (Case VU#293164).

Oct 05, 2023

Two attempts made by CERT/CC in the window receive no response and 45 day window ends.

Oct 05, 2023

CVE number assigned by MITRE.

Oct 07, 2023

Responsible public disclosure.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907