A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
References
Link | Resource |
---|---|
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36650 | Exploit Third Party Advisory |
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36650 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:10
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36650 - Exploit, Third Party Advisory |
13 Dec 2023, 23:51
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 01:15
Updated : 2024-11-21 08:10
NVD link : CVE-2023-36650
Mitre link : CVE-2023-36650
CVE.ORG link : CVE-2023-36650
JSON object : View
Products Affected
prolion
- cryptospike
CWE
CWE-354
Improper Validation of Integrity Check Value