PT-2023-24461 · Microworld Technologies · Escan

Published: 2023-05-31 · Updated: 2025-01-10 · CVE-2023-33732

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Microworld Technologies eScan management console version 14.0.1400.2281

Description

The issue allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval in the New Policy form. This enables the attacker to execute arbitrary code, potentially leading to unauthorized access or data manipulation. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations

For version 14.0.1400.2281, consider disabling the New Policy form temporarily until a patch is available to prevent exploitation via the type, txtPolicyType, and Deletefileval parameters. Restrict access to the vulnerable parameters to minimize the risk of arbitrary code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
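
One way to act on the recommendation to restrict the vulnerable parameters, as an added example that is not part of the advisory or of eScan's code: a check that a reverse proxy or log pipeline could run over a query string or form body, flagging values of type, txtPolicyType and Deletefileval that fall outside an allow-list. The allow-list pattern, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Parameter names taken from the advisory (New Policy form), lower-cased.
WATCHED = {"type", "txtpolicytype", "deletefileval"}

# Assumption: legitimate values are short plain tokens. Adjust the allow-list
# to what the console really sends before enforcing it.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.,:\-]{0,128}")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo nested URL-encoding (e.g. %253C -> %3C -> <) before checking."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(urlencoded: str) -> list[tuple[str, str]]:
    """Return (name, decoded value) for watched parameters failing the allow-list.

    `urlencoded` is a query string or an application/x-www-form-urlencoded body.
    """
    hits = []
    for name, value in parse_qsl(urlencoded, keep_blank_values=True):
        if name.lower() not in WATCHED:
            continue
        decoded = fully_decode(value)
        if not SAFE_VALUE.fullmatch(decoded):
            hits.append((name, decoded))
    return hits


# Constructed sample requests (not captured traffic).
SAMPLES = [
    "type=1&txtPolicyType=Workstation&Deletefileval=0",
    "type=1&txtPolicyType=%3Cscript%3Ealert(1)%3C%2Fscript%3E&Deletefileval=0",
    "type=%2522%253E%253Csvg%253E&name=%3Cb%3E",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", suspicious_params(sample))
```

Requests that return a non-empty list can be rejected at the proxy or raised as alerts; parameters outside the three named in the advisory are ignored on purpose.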

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-33732

Affected Products

Escan