CVE-2023-31465
Published: 26 July 2023
Summary
CVE-2023-31465 is a critical-severity vulnerability in FSMLabs TimeKeeper; its weakness class is unspecified. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
FSMLabs TimeKeeper versions 8.0.17 through 8.0.28 contain a remote code execution vulnerability in the getsamplebacklog handler. Query parameters named arg[x] are passed directly from the URL into a Bash execution context, allowing an attacker who can reach the endpoint to substitute arg[2] with arbitrary shell commands that run with the privileges of the TimeKeeper process.
Unauthenticated network attackers can exploit the flaw over HTTP without user interaction. Successful injection yields full read, write, and execute access on the affected server, enabling complete system compromise as reflected in the CVSS 9.8 base score.
Public references point to an FSMLabs cybersecurity advisory and a detailed proof-of-concept that demonstrate the injection vector; operators should consult these sources for any vendor-supplied patches or configuration changes.
The associated EPSS score remains elevated near 0.91 with no material post-disclosure climb from a low baseline.
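For defenders reviewing web access logs, the following added example (not taken from the vendor advisory or the referenced proof-of-concept) flags getsamplebacklog requests whose decoded arg[2] value falls outside a conservative allowlist. The log format, the `/example` path, the `call=` parameter and the allowlist itself are assumptions to adapt to the deployment being examined.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: a benign arg[2] contains only these characters. Tune the
# allowlist against known-good traffic from your own deployment.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.:-]*")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+"')

def suspicious_arg2(log_line):
    """Return the decoded arg[2] of a getsamplebacklog request when it falls
    outside the allowlist; return None for every other line."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    target = match.group(1)
    if "getsamplebacklog" not in unquote(target).lower():
        return None
    # parse_qsl percent-decodes keys and values, so arg%5B2%5D becomes arg[2].
    # separator="&" keeps ';' inside the value instead of splitting on it.
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True, separator="&")
    for key, value in pairs:
        if key == "arg[2]" and not SAFE_VALUE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_arg2(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines; path and parameter layout are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jul/2023:10:00:01 +0000] "GET /example?call=getsamplebacklog&arg[1]=src0&arg[2]=100 HTTP/1.1" 200 512',
    '198.51.100.7 - - [26/Jul/2023:10:00:05 +0000] "GET /example?call=getsamplebacklog&arg%5B1%5D=src0&arg%5B2%5D=100%3Becho%20probe HTTP/1.1" 200 40',
    '198.51.100.7 - - [26/Jul/2023:10:00:09 +0000] "GET /example?call=getsamplebacklog&arg[1]=src0&arg[2]=%24%28hostname%29 HTTP/1.1" 200 40',
    '192.0.2.10 - - [26/Jul/2023:10:00:12 +0000] "GET /example?call=status&arg[2]=a%3Bb HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious arg[2] = {value!r}")
```

Comparing the decoded value against an allowlist, rather than searching the raw line for specific metacharacters, catches percent-encoded variants as well as literal ones.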
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35771
Vulnerability details
An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.