CVE-2023-2520

Name of the Vulnerable Software and Affected Versions Caton Prime version 2.1.2.51.e8d7225049(202303031001)

Description A critical issue affects the Ping Handler component, specifically the file "cgi-bin/tools ping.cgi?action=Command", where manipulation of the Destination argument leads to command injection. This can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Caton Prime version 2.1.2.51.e8d7225049(202303031001), as a temporary workaround, consider restricting access to the "cgi-bin/tools ping.cgi?action=Command" endpoint or disabling the manipulation of the Destination argument to minimize the risk of command injection until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.