CVE-2023-39854

Published: Oct 9, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.

Affected (1)

Products: Atx: Ucrypt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Atx Ucrypt	Up to 3.5

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://wiki.notveg.ninja/blog/CVE-2023-39854/

Source: cve@mitre.org

MitigationThird Party Advisory

https://wiki.notveg.ninja/blog/CVE-2023-39854/

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.