CVE-2023-3325

EPSS 0.09%
Veröffentlicht 20.06.2023 05:15:09
Zuletzt bearbeitet 21.11.2024 08:17:01
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.

Mögliche Gegenmaßnahme

CMS Commander – Manage Multiple Sites: Update to version 2.288, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt CMS Commander – Manage Multiple Sites

Version *-2.287

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cmscommander ≫ Cms Commander SwPlatformwordpress Version <= 2.287

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.261

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@wordfence.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-331 Insufficient Entropy

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

https://plugins.trac.wordpress.org/browser/cms-commander-client/tags/2.287/init.php#L88

Product

https://plugins.trac.wordpress.org/changeset/2927811/cms-commander-client

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=cve

Patch

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3325

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3325

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3325

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3325