Elevation of Privilege Vulnerability Affects Windows Telephony Server
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 9 April 2024
Badges
Summary
This article discusses the vulnerability CVE-2023-51467 in the Apache OFBiz open source ERP system. The vulnerability allows attackers to bypass authentication processes and execute SSRF, potentially leading to remote code execution. It was discovered during a root cause analysis of a previous vulnerability in Apache OFBiz. There have been attempts to exploit this vulnerability in the wild, indicating active interest from threat actors, including ransomware groups. The developers of Apache OFBiz released version 18.12.11 to fix the vulnerability, and organizations are urged to upgrade to this version to mitigate the risk. The exploitation of this vulnerability poses a significant risk, as it can lead to unauthorized access, system compromise, and the spread of malware. It is part of a larger pattern of critical vulnerabilities being targeted in Apache software, highlighting the importance of timely patching and security vigilance.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.5696
Windows Server 2019 < 10.0.17763.5696
Windows Server 2019 (Server Core installation) < 10.0.17763.5696
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CVSS V3.1
Timeline
- 👾
Exploit exists.
First article discovered by unSafe.sh
Vulnerability published.
Vulnerability Reserved.