Cyber Resilience

CVE-2023-47356

High · RCE

Published: 17 July 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0186 (83.5th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-47356 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 16.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-47356 is a remote command execution (RCE) vulnerability affecting Mingyu Security Gateway versions before v3.0-5.3p. The issue arises via the log_type parameter at the /log/fw_security.mds endpoint and is classified under CWE-77 (Command Injection). It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Attackers with low-privilege user access (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation enables arbitrary command execution on the gateway, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U).

Details on exploitation, including proof-of-concept demonstrations, are documented in the following references: https://gist.github.com/night-0p/8d414bfef1cb16539da67e122d91e8da and https://github.com/night-0p/anh/blob/main/MingyuSecurityGateway/rce1.md. The vulnerability is fixed in Mingyu Security Gateway v3.0-5.3p, so upgrading to this version or later is the recommended mitigation.

Vulnerability details

Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Direct RCE via command injection on a public-facing web endpoint enables T1190 exploitation and Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4048 (Shared CWE-77)
CVE-2026-31059 (Shared CWE-77)
CVE-2026-22284 (Shared CWE-77)
CVE-2024-39783 (Shared CWE-77)
CVE-2024-57583 (Shared CWE-77)
CVE-2026-46368 (Shared CWE-77)
CVE-2024-39781 (Shared CWE-77)
CVE-2024-39367 (Shared CWE-77)
CVE-2026-3518 (Shared CWE-77)
CVE-2024-57590 (Shared CWE-77)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

prevent

Directly prevents command injection vulnerabilities like CVE-2023-47356 by requiring validation mechanisms for inputs such as the log_type parameter to block malicious commands.

prevent

Mitigates the specific flaw in Mingyu Security Gateway by requiring timely identification, reporting, and correction through patching to v3.0-5.3p or later.

prevent · detect

Supports discovery and remediation of RCE vulnerabilities like CVE-2023-47356 through regular vulnerability scanning and monitoring for newly reported flaws.
