CVE-2023-38747

Name of the Vulnerable Software and Affected Versions CX-Programmer Included in CX-One CXONE-AL[][]D-V4 versions 9.80 and earlier

Description A heap-based buffer overflow issue exists, which can be exploited by having a user open a specially crafted CXP file. This may lead to information disclosure and/or arbitrary code execution. The vulnerability is related to a buffer overflow in memory, allowing an attacker to access confidential information or execute arbitrary code.

Recommendations For versions 9.80 and earlier, consider avoiding the use of specially crafted CXP files until a patch is available. As a temporary workaround, restrict the opening of CXP files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.