CVE-2023-0646
Published: 02 February 2023
Summary
CVE-2023-0646 is a medium-severity command injection (CWE-77) vulnerability in dst-admin 1.5.0 (vendor: Dst-Admin Project). Its CVSS 3.1 base score is 6.3 (Medium).
Operationally, its EPSS score places it in the top 8.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-0646 is a command injection vulnerability in dst-admin 1.5.0 that resides in the /home/cavesConsole endpoint. The flaw arises from unsanitized handling of the `command` argument and is tracked as CWE-77 with a CVSS 3.1 score of 6.3.
An authenticated remote attacker can supply a crafted `command` value to the affected interface and achieve arbitrary command execution on the host running dst-admin. Public exploit code for this issue has been released.
The associated EPSS score has remained flat at 0.0626 with no material rise after disclosure. Available references consist of a GitHub repository containing reproduction details and multiple VulDB entries, but contain no information on official patches or mitigation steps. In the absence of a referenced fix, the practical controls are the generic ones for an authenticated command-injection path: keep the dst-admin panel off the public internet, limit who holds accounts on it, and treat console-command submissions containing shell metacharacters as suspicious.
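The page references no patch, so the two things a defender can do with the facts above are (a) look for injection attempts against the named endpoint and parameter in web-server logs, and (b) refuse console-command values that carry shell metacharacters before they reach any shell-built command line. The following is an added example, not dst-admin's own code and not the published proof-of-concept. It assumes Common/Combined Log Format access logs, assumes the `command` value travels in the query string (if the real endpoint takes it in a POST body, it will not appear in a standard access log and this scanner will not see it), and assumes the game-server console accepts Lua-style commands such as `c_save()`, which is why parentheses and quotes are not treated as suspicious. The log lines are constructed, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory text for CVE-2023-0646.
TARGET_PATH = "/home/cavesConsole"
TARGET_PARAM = "command"

# Characters that turn a "console command" string into OS command injection
# when the value is interpolated into a shell command line (CWE-77).
# Parentheses and quotes are deliberately absent: the game's server console
# takes Lua-style commands such as c_save(), so they are legitimate there
# (assumption about the console syntax; not taken from the project source).
SHELL_META = re.compile(r"[;&|`$<>\n\r\\]")

# Common/Combined Log Format request line (assumed log format for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_unsafe_command(value: str) -> bool:
    """True if the console command contains a character a shell would interpret."""
    return SHELL_META.search(value) is not None


def validate_console_command(value: str) -> str:
    """Hardening-side check (hypothetical; not a dst-admin patch): reject anything
    that could escape a shell-built command line instead of trusting the
    authenticated user. Returns the value unchanged or raises ValueError."""
    if not value or len(value) > 512:
        raise ValueError("empty or oversized console command")
    if is_unsafe_command(value):
        raise ValueError("shell metacharacter in console command")
    return value


def scan_access_log(lines):
    """Return (line_number, client_ip, decoded_command) for every request to the
    affected endpoint whose 'command' query parameter looks like an injection
    attempt. Only query-string parameters are visible here; a value sent in a
    POST body never reaches a standard access log."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes, so %3B becomes ';' before the check runs.
        for cmd in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
            if is_unsafe_command(cmd):
                hits.append((n, m.group("ip"), cmd))
    return hits


# Constructed sample log lines (not real traffic): a benign console command,
# an injection attempt chaining 'id' after the game command, and an unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Feb/2023:10:00:00 +0000] "GET /home/cavesConsole?command=c_save%28%29 HTTP/1.1" 200 17',
    '10.0.0.9 - - [02/Feb/2023:10:00:07 +0000] "GET /home/cavesConsole?command=c_save%28%29%3Bid%3E%2Ftmp%2Fo HTTP/1.1" 200 17',
    '10.0.0.5 - - [02/Feb/2023:10:00:09 +0000] "GET /home/login HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, ip, cmd in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: {ip} sent suspicious console command {cmd!r}")
```

The metacharacter list is a detection heuristic, not a proof of safety: the durable fix on the application side is to stop building a shell command line from user input at all (pass the console text to the game process as data, e.g. via an argv array or a pipe), with `validate_console_command` as defence in depth rather than the only barrier.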
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12680
Vulnerability details
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability.
- CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command, 'Command Injection')
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.