CVE-2023-37469

moderate-risk
Published 2023-08-24

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.

Do I need to act?

-
0.41% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Icewhale

References (10)

Product https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189...
Product https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189...
Patch https://github.com/IceWhaleTech/CasaOS/commit/af440eac5563644854ff33f72041e52d3f...
Release Notes https://github.com/IceWhaleTech/CasaOS/releases/tag/v0.4.4
Exploit https://securitylab.github.com/advisories/GHSL-2022-119_CasaOS/
Product https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189...
Product https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189...
Patch https://github.com/IceWhaleTech/CasaOS/commit/af440eac5563644854ff33f72041e52d3f...
Release Notes https://github.com/IceWhaleTech/CasaOS/releases/tag/v0.4.4
Exploit https://securitylab.github.com/advisories/GHSL-2022-119_CasaOS/
37
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal