PT-2023-25623 · Pos/ Dienstleistung · Cashit!
Daniel
+12
·
Published
2023-10-03
·
Updated
2024-02-10
·
CVE-2023-3656
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
cashIT! - serving solutions versions from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37
Description
The issue is an unauthenticated remote code execution vulnerability that can be triggered by an HTTP endpoint exposed to the network.
Recommendations
For versions from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37, as a temporary workaround, consider restricting access to the exposed HTTP endpoint until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cashit!