CVE-2023-31446
Published: 10 January 2024
Summary
CVE-2023-31446 is a critical-severity Command Injection (CWE-77) vulnerability in Cassianetworks Xc1000 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-31446 affects Cassia Gateway firmware versions XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947. The root cause is a lack of sanitization on the queueUrl parameter accepted by the /bypass/config endpoint, which permits injection of Bash commands that are later executed with root privileges during device startup. The flaw is tracked under CWE-77 and carries a CVSS 3.1 score of 9.8.
An unauthenticated attacker with network access can supply a malicious queueUrl value and thereby achieve arbitrary command execution as root on the affected gateway. Because the injected commands run automatically at boot, successful exploitation provides persistent control of the device without further interaction.
The associated EPSS score currently stands at 0.9168 with a recorded peak of 0.9285, indicating sustained and substantial exploitation interest since disclosure. Public proof-of-concept material is available that demonstrates remote code execution against the listed firmware builds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35754
Vulnerability details
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.