Cyber Resilience

CVE-2023-31465

Critical · Public PoC

Published: 26 July 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9054 (99.6th percentile)
Risk Priority: 74 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-31465 is a critical-severity vulnerability of unspecified weakness type in FSMLabs TimeKeeper. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

FSMLabs TimeKeeper versions 8.0.17 through 8.0.28 contain a remote code execution vulnerability in the getsamplebacklog handler. Query parameters named arg[x] are passed directly from the URL into a Bash execution context, allowing an attacker who can reach the endpoint to substitute arg[2] with arbitrary shell commands that run with the privileges of the TimeKeeper process.

Unauthenticated network attackers can exploit the flaw over HTTP without user interaction. Successful injection yields full read, write, and execute access on the affected server, enabling complete system compromise as reflected in the CVSS 9.8 base score.

Public references point to an FSMLabs cybersecurity advisory and a detailed proof-of-concept that demonstrate the injection vector; operators should consult these sources for any vendor-supplied patches or configuration changes.

The associated EPSS score remains elevated near 0.91 with no material post-disclosure climb from a low baseline.
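For the getsamplebacklog injection described above, a log-triage check a defender could run over web access logs, as an added example that is not code from this page or from FSMLabs. It assumes combined-format access logs; the URL path, the sample entries and the metacharacter list are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Characters Bash treats specially. Heuristic chosen for this example, not a vendor rule.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r'\"]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ARG_NAME = re.compile(r"arg\[\d+\]")


def suspicious_args(target):
    """Return (name, decoded value) for arg[x] parameters of a
    getsamplebacklog request whose value contains shell metacharacters."""
    parts = urlsplit(target)
    if "getsamplebacklog" not in parts.path.lower():
        return []
    # parse_qsl percent-decodes names and values, so arg%5B2%5D is caught too.
    return [
        (name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if ARG_NAME.fullmatch(name) and SHELL_META.search(value)
    ]


def scan(lines):
    """Return (line number, parameter, decoded value) for each flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings += [(number, n, v) for n, v in suspicious_args(match.group(1))]
    return findings


# Constructed sample entries: documentation IPs, hypothetical URL path, inert placeholder value.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /hypothetical/getsamplebacklog?arg[1]=a&arg[2]=20 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /hypothetical/getsamplebacklog?arg%5B1%5D=a&arg%5B2%5D=20%3BPLACEHOLDER HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?q=a%3Bb HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name} = {value!r}")
```

Hits are triage leads rather than proof of compromise, since the page does not document what legitimate arg[x] values look like.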

EU & UK References

Vulnerability details

An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fsmlabs timekeeper, versions 8.0.17 through 8.0.28

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References