CVE-2023-45727
Published: 18 October 2023
Summary
CVE-2023-45727 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Northgrid Proself. Its CVSS base score is 7.5 (High).
Operationally, its EPSS score places it in the top 4.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2023-45727 is an XML External Entity (XXE) vulnerability, tracked under CWE-611, that affects Proself Enterprise/Standard Edition versions 5.62 and earlier, Proself Gateway Edition versions 1.65 and earlier, and Proself Mail Sanitize Edition versions 1.08 and earlier. The flaw lies in the products' handling of XML input: the parser resolves external entity declarations carried in an attacker-supplied document, so a crafted DOCTYPE can point an entity at a local file and have its contents substituted into the parsed output.
An unauthenticated attacker can send a specially crafted request over the network and read arbitrary files on the server, including files that contain account information. The attack requires neither credentials nor user interaction. The CVSS 3.1 base score of 7.5 reflects high confidentiality impact with no integrity or availability impact, which corresponds to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Advisories from the vendor (Northgrid) and from JVN recommend upgrading to the fixed versions, which disable or properly restrict XML external entity processing. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog (added 03 December 2024), confirming observed in-the-wild exploitation.
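The mechanism described above and the fix the advisories call for, as an added Python example that is not Proself's code and says nothing about its internals: a constructed XXE payload is parsed three ways with the standard-library xml.sax parser. With external general entities enabled (the weak setting) the parser returns the contents of a local file in place of the entity; with that feature off (the default in current Python) the entity expands to nothing; and with a lexical handler that aborts on any DOCTYPE the document is rejected before any ENTITY declaration is seen. The temporary file, its contents, the payload, and the names `DoctypeRejecter`, `parse_with`, `parse_vulnerable`, `parse_hardened` and `demo` are assumptions made for this demo (file:// URLs as on Linux/macOS).

```python
"""Added example: XXE file disclosure and two parser-level defences.

Not Proself's code. It shows the generic CWE-611 mechanism with Python's
stdlib xml.sax parser; paths, payload and class names are constructed for
the demo.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import (ContentHandler, feature_external_ges,
                             property_lexical_handler)


class TextCollector(ContentHandler):
    """Gathers character data so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


class DoctypeRejecter:
    """Lexical handler (hypothetical name) that aborts on any DTD.

    Failing at startDTD means no ENTITY declaration is ever processed,
    whatever encoding the document arrived in.
    """

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE declarations are not accepted: %r" % name)

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


def build_xxe_payload(target_path):
    """Constructed attacker document: declares an external entity that
    points at a local file and references it inside the request body."""
    template = (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE request [\n'
        '  <!ENTITY xxe SYSTEM "file://{path}">\n'
        ']>\n'
        '<request><user>&xxe;</user></request>\n'
    )
    return template.format(path=target_path).encode("utf-8")


def parse_with(xml_bytes, external_entities, reject_doctype=False):
    """Parse untrusted XML and return the character data it produced."""
    parser = xml.sax.make_parser()
    # True is the weak setting: resolve external entities from disk or network.
    parser.setFeature(feature_external_ges, external_entities)
    if reject_doctype:
        parser.setProperty(property_lexical_handler, DoctypeRejecter())
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def parse_vulnerable(xml_bytes):
    return parse_with(xml_bytes, external_entities=True)


def parse_hardened(xml_bytes):
    return parse_with(xml_bytes, external_entities=False, reject_doctype=True)


def demo():
    """Returns (text leaked with entities on, text with entities off,
    whether the DOCTYPE ban rejected the document)."""
    with tempfile.TemporaryDirectory() as workdir:
        secret = os.path.join(workdir, "accounts.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("admin:s3cr3t-hash\n")  # constructed stand-in for account data
        payload = build_xxe_payload(secret)

        leaked = parse_vulnerable(payload).strip()
        quiet = parse_with(payload, external_entities=False).strip()
        try:
            parse_hardened(payload)
            rejected = False
        except ValueError:
            rejected = True
    return leaked, quiet, rejected


if __name__ == "__main__":
    leaked, quiet, rejected = demo()
    print("entities on :", repr(leaked))
    print("entities off:", repr(quiet))
    print("DOCTYPE ban :", "rejected" if rejected else "accepted")
```

Rejecting the DOCTYPE at the lexical level, rather than scanning the raw bytes for the string `<!DOCTYPE`, is deliberate: a byte-level filter misses documents delivered in UTF-16 or another encoding the parser will happily decode. For JAXP/Xerces-based parsers the equivalent switches are the SAX feature `http://xml.org/sax/features/external-general-entities` (set to false) and `http://apache.org/xml/features/disallow-doctype-decl` (set to true).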
EPSS scores for the CVE rose from a low baseline to a peak of 0.4148 on 2024-12-12, shortly after the KEV listing, before receding to the current value of 0.2105. Exploitation interest therefore climbed more than a year after public disclosure, around the time in-the-wild exploitation was confirmed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-50016
Vulnerability details
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
- CWE(s): CWE-611 (Improper Restriction of XML External Entity Reference)
- KEV Date Added: 03 December 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of XML input so that DOCTYPE and external entity declarations in untrusted documents are rejected or never resolved, which removes the file-disclosure primitive behind this XXE.
- AC-3 (Access Enforcement): enforces access-control decisions so that unauthenticated requests cannot reach file-system resources containing account data, limiting what a successful entity expansion can read.
- System monitoring: watches inbound XML traffic for entity declarations and flags anomalous file-access patterns by the application process that would indicate successful XXE exploitation.