Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.
References
| Link | Resource |
|---|---|
| https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm | Vendor Advisory |
| https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:41
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
| References | () https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm - Vendor Advisory |
02 Oct 2023, 19:22
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Illumio core Policy Compute Engine
Illumio |
|
| CPE | cpe:2.3:a:illumio:core_policy_compute_engine:*:*:*:*:*:*:*:* | |
| References | (MISC) https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CWE | CWE-502 |
27 Sep 2023, 15:19
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-27 15:19
Updated : 2024-11-21 08:41
NVD link : CVE-2023-5183
Mitre link : CVE-2023-5183
CVE.ORG link : CVE-2023-5183
JSON object : View
Products Affected
illumio
- core_policy_compute_engine
CWE
CWE-502
Deserialization of Untrusted Data