PT-2023-24606 · Brook · Brook
Pwntester · Published 2023-06-01 · Updated 2023-06-09 · CVE-2023-33965
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Brook versions prior to 20230606
Description
The tproxy server in Brook is vulnerable to a drive-by command injection. An attacker can trick a victim into visiting a malicious web page that issues requests from the victim's browser to the locally listening tproxy service, leading to remote code execution on the victim's machine.
Recommendations
For versions prior to 20230606, update to version 20230606 to resolve the issue. As a temporary workaround, consider restricting access to the tproxy server to minimize the risk of exploitation.
Weakness Enumeration
OS Command Injection
Related Identifiers
CVE-2023-33965
Affected Products
Brook