CVE-2023-1714 - OpenCVE

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bitrix24	Bitrix24

Configuration 1 [-]

cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*

References

Link	Resource
https://starlabs.sg/advisories/23/23-1714/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: STAR_Labs

Published: 2023-11-01T09:02:47.607Z

Updated: 2023-11-01T09:02:47.607Z

Reserved: 2023-03-30T09:15:34.398Z

Link: CVE-2023-1714

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-01T10:15:09.050

Modified: 2023-11-09T20:38:00.327

Link: CVE-2023-1714

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1714", "assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "state": "PUBLISHED", "assignerShortName": "STAR_Labs", "dateReserved": "2023-03-30T09:15:34.398Z", "datePublished": "2023-11-01T09:02:47.607Z", "dateUpdated": "2023-11-01T09:02:47.607Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bitrix24", "programFiles": ["file:bitrix/modules/main/classes/general/user_options.php"], "vendor": "Bitrix24", "versions": [{"lessThanOrEqual": "22.0.300", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lam Jun Rong & Li Jiantao of STAR Labs SG Pte. Ltd. (@starlabs_sg)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization."}], "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "shortName": "STAR_Labs", "dateUpdated": "2023-11-01T09:02:47.607Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://starlabs.sg/advisories/23/23-1714/"}], "source": {"discovery": "UNKNOWN"}, "title": "Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*", "matchCriteriaId": "D47D6185-F86F-4402-85C1-C0A0EAE09B0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization."}, {"lang": "es", "value": "La extracci\u00f3n de variables inseguras en bitrix/modules/main/classes/general/user_options.php en Bitrix24 22.0.300 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario mediante (1) a\u00f1adiendo contenido arbitrario a archivos PHP existentes o (2) deserializaci\u00f3n PHAR."}], "id": "CVE-2023-1714", "lastModified": "2023-11-09T20:38:00.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@starlabs.sg", "type": "Secondary"}]}, "published": "2023-11-01T10:15:09.050", "references": [{"source": "info@starlabs.sg", "tags": ["Exploit", "Third Party Advisory"], "url": "https://starlabs.sg/advisories/23/23-1714/"}], "sourceIdentifier": "info@starlabs.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "info@starlabs.sg", "type": "Secondary"}]}