{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-37569","assignerOrgId":"66834db9-ab24-42b4-be80-296b2e40335c","state":"PUBLISHED","assignerShortName":"CERT-In","dateReserved":"2023-07-07T09:41:33.905Z","datePublished":"2023-08-08T08:04:22.979Z","dateUpdated":"2025-02-13T17:01:29.769Z"},"containers":{"cna":{"title":"OS Command Injection Vulnerability in Emagic Data Center Management Suite","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-88","descriptions":[{"lang":"en","value":"CAPEC-88 OS Command Injection"}]}],"affected":[{"vendor":"ESDS","product":"Emagic Data Center Management Suite","versions":[{"status":"affected","version":"0","lessThanOrEqual":"V6.0","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"This vulnerability exists in ESDS Emagic Data Center Management Suite due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.","supportingMedia":[{"type":"text/html","base64":false,"value":"This vulnerability exists in ESDS Emagic Data Center Management Suite due to lack of input sanitization in its Ping component. 
A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.<br><br>Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.<br>"}]}],"references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226"},{"url":"http://packetstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.html"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}],"solutions":[{"lang":"en","value":"Upgrade to Enlight360 Datacenter Management Center Suite with latest version v8.9","supportingMedia":[{"type":"text/html","base64":false,"value":"Upgrade to Enlight360 Datacenter Management Center Suite with latest version v8.9<br>"}]}],"credits":[{"lang":"en","value":"Shubham Pandey of C3i Center, IIT Kanpur","type":"finder"},{"lang":"en","value":"Lohitya Pushkar of C3i Center, IIT Kanpur","type":"finder"},{"lang":"en","value":"Chinamay Joshi of ESDS Software Solution Limited, Maharashtra","type":"finder"}],"source":{"discovery":"UNKNOWN"},"providerMetadata":{"orgId":"66834db9-ab24-42b4-be80-296b2e40335c","shortName":"CERT-In","dateUpdated":"2023-08-09T17:06:18.566Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T17:16:30.874Z"},"title":"CVE Program 
Container","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226","tags":["x_transferred"]},{"url":"http://packetstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-10T17:58:45.979633Z","id":"CVE-2023-37569","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-10T17:58:58.986Z"}}]}}