CVE-2023-50090
Published: 03 January 2024
Summary
CVE-2023-50090 is a critical-severity vulnerability of unspecified weakness type in Ureport2 Project Ureport2. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). It is ranked at the 27.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54920
Vulnerability details
An arbitrary file write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via a crafted POST request.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The arbitrary file write vulnerability in the public-facing ureport2 web application (exploitable remotely via a crafted POST request) enables T1190 (exploit public-facing application), facilitates writing web shells for execution (T1100) and persistence (T1505.003), and allows staging malware on the victim (T1608.001), ultimately leading to arbitrary command execution.