Vulnerability Details CVE-2023-37469
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189b859/route/v1/samba.go#L121
- https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189b859/service/connections.go#L58
- https://github.com/IceWhaleTech/CasaOS/commit/af440eac5563644854ff33f72041e52d3fd1f47c
- https://github.com/IceWhaleTech/CasaOS/releases/tag/v0.4.4
- https://securitylab.github.com/advisories/GHSL-2022-119_CasaOS/
- https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189b859/route/v1/samba.go#L121
- https://github.com/IceWhaleTech/CasaOS/blob/96e92842357230098c771bc41fd3baf46189b859/service/connections.go#L58
- https://github.com/IceWhaleTech/CasaOS/commit/af440eac5563644854ff33f72041e52d3fd1f47c
- https://github.com/IceWhaleTech/CasaOS/releases/tag/v0.4.4
- https://securitylab.github.com/advisories/GHSL-2022-119_CasaOS/
Products affected by CVE-2023-37469
-
cpe:2.3:o:icewhale:casaos:-
-
cpe:2.3:o:icewhale:casaos:0.1.0
-
cpe:2.3:o:icewhale:casaos:0.1.1
-
cpe:2.3:o:icewhale:casaos:0.1.10
-
cpe:2.3:o:icewhale:casaos:0.1.11
-
cpe:2.3:o:icewhale:casaos:0.1.2
-
cpe:2.3:o:icewhale:casaos:0.1.3
-
cpe:2.3:o:icewhale:casaos:0.1.4
-
cpe:2.3:o:icewhale:casaos:0.1.5
-
cpe:2.3:o:icewhale:casaos:0.1.6
-
cpe:2.3:o:icewhale:casaos:0.1.7
-
cpe:2.3:o:icewhale:casaos:0.1.8
-
cpe:2.3:o:icewhale:casaos:0.1.9
-
cpe:2.3:o:icewhale:casaos:0.2.0
-
cpe:2.3:o:icewhale:casaos:0.2.1
-
cpe:2.3:o:icewhale:casaos:0.2.10
-
cpe:2.3:o:icewhale:casaos:0.2.2
-
cpe:2.3:o:icewhale:casaos:0.2.3
-
cpe:2.3:o:icewhale:casaos:0.2.4
-
cpe:2.3:o:icewhale:casaos:0.2.5
-
cpe:2.3:o:icewhale:casaos:0.2.6
-
cpe:2.3:o:icewhale:casaos:0.2.7
-
cpe:2.3:o:icewhale:casaos:0.2.8
-
cpe:2.3:o:icewhale:casaos:0.2.9
-
cpe:2.3:o:icewhale:casaos:0.3.0
-
cpe:2.3:o:icewhale:casaos:0.3.1
-
cpe:2.3:o:icewhale:casaos:0.3.1.1
-
cpe:2.3:o:icewhale:casaos:0.3.2
-
cpe:2.3:o:icewhale:casaos:0.3.2.1
-
cpe:2.3:o:icewhale:casaos:0.3.3
-
cpe:2.3:o:icewhale:casaos:0.3.4
-
cpe:2.3:o:icewhale:casaos:0.3.5
-
cpe:2.3:o:icewhale:casaos:0.3.5.1
-
cpe:2.3:o:icewhale:casaos:0.3.6
-
cpe:2.3:o:icewhale:casaos:0.3.7
-
cpe:2.3:o:icewhale:casaos:0.3.7-1
-
cpe:2.3:o:icewhale:casaos:0.3.7.1
-
cpe:2.3:o:icewhale:casaos:0.3.8
-
cpe:2.3:o:icewhale:casaos:0.4.1
-
cpe:2.3:o:icewhale:casaos:0.4.2
-
cpe:2.3:o:icewhale:casaos:0.4.3
-
cpe:2.3:o:icewhale:casaos:0.4.3-1