PT-2023-28724 · Afterlogic · Afterlogic Aurora Files

Lorenzo Leonardini · Published 2023-10-03 · Updated 2023-10-05 · CVE-2023-43176

CVSS v3.1

8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Afterlogic Aurora Files version 9.7.3

Description

A deserialization vulnerability allows attackers to execute arbitrary code by supplying a crafted .sabredav file.

Recommendations

For Afterlogic Aurora Files version 9.7.3, update to a version that fixes this issue to prevent arbitrary code execution.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2023-43176

Affected Products

Afterlogic Aurora Files