Vulnerability Details CVE-2023-25266
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code execution (RCE).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.5%
CVSS Severity
CVSS v3 Score 8.8
References
- https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html
- https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes
- https://frycos.github.io/vulns4free/2023/01/24/0days-united-nations.html
- https://resources.docmosis.com/content/documentation/tornado-v2-9-5-release-notes
Products affected by CVE-2023-25266
-
cpe:2.3:a:docmosis:tornado:-
-
cpe:2.3:a:docmosis:tornado:1.0
-
cpe:2.3:a:docmosis:tornado:1.2
-
cpe:2.3:a:docmosis:tornado:1.3
-
cpe:2.3:a:docmosis:tornado:2.0
-
cpe:2.3:a:docmosis:tornado:2.1
-
cpe:2.3:a:docmosis:tornado:2.2
-
cpe:2.3:a:docmosis:tornado:2.3
-
cpe:2.3:a:docmosis:tornado:2.4
-
cpe:2.3:a:docmosis:tornado:2.5
-
cpe:2.3:a:docmosis:tornado:2.6
-
cpe:2.3:a:docmosis:tornado:2.7
-
cpe:2.3:a:docmosis:tornado:2.7.1
-
cpe:2.3:a:docmosis:tornado:2.7.2
-
cpe:2.3:a:docmosis:tornado:2.7.3
-
cpe:2.3:a:docmosis:tornado:2.8.0
-
cpe:2.3:a:docmosis:tornado:2.8.1
-
cpe:2.3:a:docmosis:tornado:2.8.2
-
cpe:2.3:a:docmosis:tornado:2.8.3
-
cpe:2.3:a:docmosis:tornado:2.8.4
-
cpe:2.3:a:docmosis:tornado:2.8.5
-
cpe:2.3:a:docmosis:tornado:2.8.6
-
cpe:2.3:a:docmosis:tornado:2.9.0
-
cpe:2.3:a:docmosis:tornado:2.9.1
-
cpe:2.3:a:docmosis:tornado:2.9.2
-
cpe:2.3:a:docmosis:tornado:2.9.3
-
cpe:2.3:a:docmosis:tornado:2.9.4