PT-2023-25981 · Casaos · Casaos

Kevin Stubbings +1 · Published 2023-08-24 · Updated 2024-08-21 · CVE-2023-37469

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Name of the Vulnerable Software and Affected Versions

CasaOS versions prior to 0.4.4

Description

CasaOS is an open-source personal cloud system. If an authenticated user is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands.

Recommendations

For versions prior to 0.4.4, update to version 0.4.4 to resolve the issue. As a temporary workaround, consider restricting access to controlled SMB servers until the update is applied.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-37469
GHSA-92VC-4FCW-G68Q
GO-2023-2026

Affected Products

Casaos