CVE-2023-35042

Severity: Critical
Published: 12 June 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: none recorded
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3428 (97.1st percentile)
Risk Priority: 40 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-35042 is a critical-severity vulnerability in GeoServer whose weakness type is unspecified (no CWE has been assigned). Its CVSS 3.1 base score is 9.8 (Critical).

Operationally, it ranks in the top 2.9% of CVEs by estimated exploit likelihood (EPSS 0.3428), but it is not currently listed in the CISA KEV catalog.

Deeper analysis

GeoServer 2 is reported to contain a critical remote code execution vulnerability, CVE-2023-35042, affecting the Web Processing Service (WPS) in some configurations. According to the CVE description, an attacker can place a java.lang.Runtime.getRuntime().exec call inside a wps:LiteralData element of a wps:Execute request and have the underlying server run arbitrary commands.

The flaw is described as reachable by unauthenticated remote attackers over the network, giving full code execution and compromising confidentiality, integrity and availability (AV:N/AC:L/PR:N/UI:N, C:H/I:H/A:H). The CVE description states that it was exploited in the wild in June 2023, shortly after disclosure, and it carries a CVSS 3.1 base score of 9.8.

The vendor states that it is unable to reproduce the issue in any version, so the reported behaviour remains unconfirmed by the project; public references are limited to the WPS Execute documentation and incident reporting from SANS ISC. The EPSS score of 0.3428 (97.1st percentile) indicates a high estimated likelihood of exploitation attempts, consistent with the reported in-the-wild activity. Because reproduction is disputed, the practical action for defenders is to identify WPS Execute requests carrying this indicator rather than to wait for a fix.
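The request shape the description names (a wps:Execute whose wps:LiteralData carries a Runtime.exec call) is easy to check for at a reverse proxy, WAF or in captured POST bodies. The following detection helper is an added example written for this page, not GeoServer project code; the WPS 1.0.0 and OWS 1.1 namespace URIs, the process identifier and the two request bodies are assumptions and constructed test data, and the regular expressions only match the indicator the CVE text itself names.

```python
"""Flag WPS Execute requests whose LiteralData carries a Java Runtime.exec call.

Added detection helper (not GeoServer code). It parses a WPS 1.0.0 Execute
body, walks every wps:LiteralData element and reports those whose text
matches the indicator named in the CVE-2023-35042 description. Bodies that
fail to parse as XML are still checked with a raw-text fallback, because an
attacker probing the service has no reason to send well-formed XML.
"""
import re
import xml.etree.ElementTree as ET

# Assumed OGC namespace URIs for WPS 1.0.0 Execute requests.
WPS_NS = "http://www.opengis.net/wps/1.0.0"
OWS_NS = "http://www.opengis.net/ows/1.1"

# Indicator from the CVE text: java.lang.Runtime ... .exec( inside LiteralData.
RUNTIME_EXEC = re.compile(r"java\.lang\.Runtime.*?\.exec\s*\(", re.S)
# Looser fallback applied to unparseable bodies (truncated or malformed XML).
RAW_FALLBACK = re.compile(r"Runtime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*exec", re.S)


def find_suspicious_literals(body):
    """Return a list of (process_id, input_id, literal_value) hits.

    An empty list means no LiteralData in the body matched the indicator.
    """
    hits = []
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # Not XML we can walk: still alert if the raw bytes carry the indicator.
        if RAW_FALLBACK.search(body):
            hits.append(("<unparsed>", "<unparsed>", body[:200]))
        return hits

    # Only wps:Execute requests carry DataInputs; anything else is out of scope.
    if root.tag != f"{{{WPS_NS}}}Execute":
        return hits

    proc = root.find(f"{{{OWS_NS}}}Identifier")
    proc_id = proc.text.strip() if proc is not None and proc.text else "<unknown>"

    for inp in root.iter(f"{{{WPS_NS}}}Input"):
        ident = inp.find(f"{{{OWS_NS}}}Identifier")
        input_id = ident.text.strip() if ident is not None and ident.text else "<unknown>"
        for lit in inp.iter(f"{{{WPS_NS}}}LiteralData"):
            value = "".join(lit.itertext())
            if RUNTIME_EXEC.search(value):
                hits.append((proc_id, input_id, value.strip()))
    return hits


# Constructed test data: a normal buffer request and one carrying the indicator.
BENIGN_REQUEST = """<wps:Execute version="1.0.0" service="WPS"
    xmlns:wps="http://www.opengis.net/wps/1.0.0"
    xmlns:ows="http://www.opengis.net/ows/1.1">
  <ows:Identifier>JTS:buffer</ows:Identifier>
  <wps:DataInputs>
    <wps:Input>
      <ows:Identifier>distance</ows:Identifier>
      <wps:Data><wps:LiteralData>10</wps:LiteralData></wps:Data>
    </wps:Input>
  </wps:DataInputs>
</wps:Execute>"""

SUSPICIOUS_REQUEST = """<wps:Execute version="1.0.0" service="WPS"
    xmlns:wps="http://www.opengis.net/wps/1.0.0"
    xmlns:ows="http://www.opengis.net/ows/1.1">
  <ows:Identifier>JTS:buffer</ows:Identifier>
  <wps:DataInputs>
    <wps:Input>
      <ows:Identifier>distance</ows:Identifier>
      <wps:Data><wps:LiteralData>java.lang.Runtime.getRuntime().exec("id")</wps:LiteralData></wps:Data>
    </wps:Input>
  </wps:DataInputs>
</wps:Execute>"""

# Truncated body: exercises the raw-text fallback path.
MALFORMED_REQUEST = '<wps:Execute><wps:LiteralData>Runtime.getRuntime().exec("id")'


if __name__ == "__main__":
    for name, body in (("benign", BENIGN_REQUEST),
                       ("suspicious", SUSPICIOUS_REQUEST),
                       ("malformed", MALFORMED_REQUEST)):
        print(name, find_suspicious_literals(body))
```

The parser-first, regex-second order matters: matching only on raw text would also fire on harmless documentation strings elsewhere in a body, while parsing only would let a deliberately broken request through. Keep the hit tuple (process, input, value) in the alert so an analyst can see which WPS process and parameter were targeted.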

Vulnerability details

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.

CWE(s)

None assigned; the weakness type is recorded as unspecified.
Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: geoserver
Product: geoserver
Versions: ≥ 2.0.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References