CVE-2023-29048

08.01.2024, 09:15

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
OX	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
open-xchange	ox_app_suite	𝑥 < 7.10.6
open-xchange	ox_app_suite	7.10.6
open-xchange	ox_app_suite	7.10.6:rev01
open-xchange	ox_app_suite	7.10.6:rev02
open-xchange	ox_app_suite	7.10.6:rev03
open-xchange	ox_app_suite	7.10.6:rev04
open-xchange	ox_app_suite	7.10.6:rev05
open-xchange	ox_app_suite	7.10.6:rev06
open-xchange	ox_app_suite	7.10.6:rev07
open-xchange	ox_app_suite	7.10.6:rev08
open-xchange	ox_app_suite	7.10.6:rev09
open-xchange	ox_app_suite	7.10.6:rev10
open-xchange	ox_app_suite	7.10.6:rev11
open-xchange	ox_app_suite	7.10.6:rev12
open-xchange	ox_app_suite	7.10.6:rev13
open-xchange	ox_app_suite	7.10.6:rev14
open-xchange	ox_app_suite	7.10.6:rev15
open-xchange	ox_app_suite	7.10.6:rev16
open-xchange	ox_app_suite	7.10.6:rev17
open-xchange	ox_app_suite	7.10.6:rev18
open-xchange	ox_app_suite	7.10.6:rev19
open-xchange	ox_app_suite	7.10.6:rev20
open-xchange	ox_app_suite	7.10.6:rev21
open-xchange	ox_app_suite	7.10.6:rev22
open-xchange	ox_app_suite	7.10.6:rev23
open-xchange	ox_app_suite	7.10.6:rev24
open-xchange	ox_app_suite	7.10.6:rev25
open-xchange	ox_app_suite	7.10.6:rev26
open-xchange	ox_app_suite	7.10.6:rev27
open-xchange	ox_app_suite	7.10.6:rev28
open-xchange	ox_app_suite	7.10.6:rev29
open-xchange	ox_app_suite	7.10.6:rev30
open-xchange	ox_app_suite	7.10.6:rev31
open-xchange	ox_app_suite	7.10.6:rev32
open-xchange	ox_app_suite	7.10.6:rev33
open-xchange	ox_app_suite	7.10.6:rev34
open-xchange	ox_app_suite	7.10.6:rev35
open-xchange	ox_app_suite	7.10.6:rev36
open-xchange	ox_app_suite	7.10.6:rev37
open-xchange	ox_app_suite	7.10.6:rev50

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html

http://seclists.org/fulldisclosure/2024/Jan/3

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json

https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf

http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html

http://seclists.org/fulldisclosure/2024/Jan/3

https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json

https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf