CVE-2023-48193
Published: 28 November 2023
Summary
CVE-2023-48193 is a critical-severity an unspecified weakness vulnerability in Fit2Cloud Jumpserver. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 11.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-52273
Vulnerability details
Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized…
more
users who are allowed to execute files.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Insecure permissions in JumpServer enable remote attackers to bypass command filtering for arbitrary code execution, facilitating exploitation of public-facing applications (T1190), remote services (T1210), privilege escalation via exploitation (T1068), and command/script interpreter execution (T1059).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.