Cyber Resilience

CVE-2023-42231

High

Published: 13 January 2025
Modified: 17 April 2025
KEV Added: not listed
CVSS v3.1 score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
EPSS score: 0.0015 (34.9th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-42231 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Zucchetti HelpdeskAdvanced (a Pat Infinite Solutions product), affecting versions up to and including 11.0.33. Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190), with Account Access Removal (T1531) as the resulting impact. Its EPSS score places it at the 34.9th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement), AC-6 (Least Privilege) and AC-2 (Account Management).

Deeper analysis

CVE-2023-42231 is an access control vulnerability, classified as CWE-281 (Improper Preservation of Permissions), affecting Pat Infinite Solutions HelpdeskAdvanced versions up to and including 11.0.33. A low-privileged authenticated user can delete administrator accounts by sending a crafted request to the "WSCView/Delete" function: the function does not enforce that the caller is authorized to delete the account named in the request. The CVSS v3.1 base score is 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H), reflecting network reachability, low attack complexity, low privileges required, no user interaction, and high impact on integrity and availability; confidentiality is not affected because the flaw deletes data rather than disclosing it.

A low-privileged user with valid credentials can exploit this vulnerability remotely without user interaction, so any holder of a low-privileged account in the application meets the precondition. By targeting the "WSCView/Delete" endpoint, the attacker can remove administrator accounts, locking administrators out of the system (T1531), disrupting administrative functions, and undermining the access controls those administrators maintain.

The primary reference for this advisory is https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md. The CVE record does not state a fixed version or a vendor mitigation; until one is confirmed with the vendor, restricting which accounts can reach the delete function (see Mitigating Controls) is the practical compensating measure.

Vulnerability details

Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.

CWE(s): CWE-281 Improper Preservation of Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1531 Account Access Removal (Impact): adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users.
Why these techniques?

The flaw sits in a web application (a helpdesk) and lets a remote, low-privileged user delete accounts through a crafted request. Reaching the vulnerable endpoint over the network is exploitation of a public-facing application (T1190); the outcome, deleted administrator accounts, is account access removal (T1531).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-42228 (same product: Zucchetti HelpdeskAdvanced)
CVE-2023-42226 (same product: Zucchetti HelpdeskAdvanced)
CVE-2023-42232 (same product: Zucchetti HelpdeskAdvanced)
CVE-2023-42227 (same product: Zucchetti HelpdeskAdvanced)
CVE-2023-42225 (same product: Zucchetti HelpdeskAdvanced)
CVE-2024-51319 (same vendor: Zucchetti)
CVE-2024-56973 (shared CWE-281)
CVE-2024-51321 (same vendor: Zucchetti)
CVE-2024-46310 (shared CWE-281)
CVE-2024-54818 (shared CWE-281)

Affected Assets

zucchetti : helpdeskadvanced, versions ≤ 11.0.33

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent): the control the vulnerable function violates. AC-3 requires the system to enforce approved authorizations on every access, so a correctly implemented WSCView/Delete would reject a low-privileged caller's request to remove an administrator account regardless of how the request is crafted.

AC-6 Least Privilege (prevent): scopes each role to the permissions its duties require; a low-privileged helpdesk user should hold no account-deletion permission at all, let alone over administrator accounts.

AC-2 Account Management (prevent): requires a managed account lifecycle in which only designated roles may create, modify or remove accounts and those actions are reviewed, which both limits who can perform deletions and makes an unauthorized removal visible.
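As an added example (not code from HelpdeskAdvanced or its vendor), the following Python models the pattern described in the Deeper analysis and addressed by the controls above: a "delete user" handler that checks only that the caller is logged in, beside a hardened version that enforces the caller's authorizations server-side as AC-3 and AC-6 require, with the low-privileged-user-deletes-admin request replayed against both. The role names, usernames and request shape are assumptions made for the example.

```python
"""Added example, not code from HelpdeskAdvanced or its vendor.
Models a user-deletion endpoint in the shape the advisory describes:
the vulnerable handler authenticates the caller but never checks that
the caller is authorized to delete the account named in the request
(CWE-281); the hardened handler enforces authorization server-side
(NIST 800-53 AC-3 / AC-6). Role names, usernames and the request
shape are assumptions made for the example."""

from dataclasses import dataclass
from typing import Callable, Dict

# Assumed privilege ordering: a higher rank means more privilege.
ROLE_RANK = {"user": 1, "operator": 2, "admin": 3}


@dataclass
class Account:
    username: str
    role: str


class Forbidden(Exception):
    """The caller holds no authorization for the requested action."""


def make_store() -> Dict[str, Account]:
    """Constructed sample user directory (not data from the advisory)."""
    return {a.username: a for a in (
        Account("admin1", "admin"),
        Account("admin2", "admin"),
        Account("helpdesk_op", "operator"),
        Account("lowpriv", "user"),
    )}


def wscview_delete_vulnerable(store: Dict[str, Account],
                              session_user: str, target: str) -> None:
    """Models the flaw: authentication is checked, authorization is not,
    so any logged-in user may delete any account, administrators included."""
    if session_user not in store:
        raise Forbidden("not authenticated")
    if target not in store:
        raise KeyError(target)
    del store[target]


def wscview_delete_hardened(store: Dict[str, Account],
                            session_user: str, target: str) -> None:
    """Deny by default: every condition must pass before anything is deleted."""
    caller = store.get(session_user)
    if caller is None:
        raise Forbidden("not authenticated")
    victim = store.get(target)
    if victim is None:
        raise KeyError(target)
    # AC-6 (least privilege): only the admin role may delete accounts at all.
    if caller.role != "admin":
        raise Forbidden(f"role '{caller.role}' may not delete accounts")
    # AC-3 (access enforcement): authorization never reaches above the
    # caller's own rank, whatever account the request names.
    if ROLE_RANK[victim.role] > ROLE_RANK[caller.role]:
        raise Forbidden("cannot delete a higher-privileged account")
    # Availability guards (the A:H / T1531 side of the impact): no
    # self-deletion, and never remove the last administrator.
    if victim.username == caller.username:
        raise Forbidden("self-deletion not permitted")
    admins_left = sum(a.role == "admin" for a in store.values())
    if victim.role == "admin" and admins_left <= 1:
        raise Forbidden("refusing to remove the last administrator")
    del store[target]


Handler = Callable[[Dict[str, Account], str, str], None]


def attempt(handler: Handler, store: Dict[str, Account],
            session_user: str, target: str) -> bool:
    """Run one delete request; True if the account was removed."""
    try:
        handler(store, session_user, target)
        return True
    except Forbidden:
        return False


def replay_crafted_request(handler: Handler) -> tuple:
    """The advisory's scenario: low-privileged 'lowpriv' asks the delete
    function to remove 'admin1'. Returns (deleted, admin1_still_present)."""
    store = make_store()
    deleted = attempt(handler, store, "lowpriv", "admin1")
    return deleted, "admin1" in store


if __name__ == "__main__":
    print("vulnerable:", replay_crafted_request(wscview_delete_vulnerable))  # (True, False)
    print("hardened:  ", replay_crafted_request(wscview_delete_hardened))    # (False, True)
```

The hardened handler decides on the server-side role of the session user and the target, never on anything the request supplies, and fails closed: the deletion happens only after every check passes. The last-administrator guard is what keeps a mis-issued delete from becoming the lockout the CVSS availability rating describes.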
