CVE-2023-22335
📋 TL;DR
This vulnerability allows remote attackers to bypass access controls and download arbitrary files from the directory where SS1 or Rakuraku PC Cloud Agent runs. When combined with CVE-2023-22336 and CVE-2023-22344, it can lead to remote code execution with SYSTEM privileges. Organizations using SS1 Ver.13.0.0.40 and earlier or Rakuraku PC Cloud Agent Ver.2.1.8 and earlier are affected.
💻 Affected Systems
- SS1
- Rakuraku PC Cloud Agent
📦 What is this software?
SS1 by Dos Osaka
⚠️ Risk & Real-World Impact
Worst Case
Remote attacker gains SYSTEM privileges and full control of affected systems through arbitrary code execution by chaining with other vulnerabilities.
Likely Case
Attackers download sensitive files from the application directory, potentially exposing configuration data, credentials, or other sensitive information.
If Mitigated
With proper network segmentation and access controls, impact is limited to file disclosure within the application directory.
🎯 Exploit Status
Exploitation requires chaining multiple vulnerabilities for full impact. The access control bypass alone allows file downloads without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: SS1: Update to a version newer than 13.0.0.40; Rakuraku PC Cloud Agent: Update to a version newer than 2.1.8
Vendor Advisory: https://www.dos-osaka.co.jp/news/2023/03/230301.html
Restart Required: Yes
Instructions:
1. Download the latest version from the vendor website.
2. Backup current configuration.
3. Install the update.
4. Restart the service/system.
5. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Platform: all
Restrict network access to affected systems to only trusted IP addresses
Use firewall rules to block external access to the application ports
Application Directory Hardening
Platform: windows
Restrict file permissions in the application directory
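REM (OI)(CI) makes the deny entry inherit to all files and subfolders; F is Full control.
REM A deny entry for Everyone also covers SYSTEM and Administrators, so confirm the service still runs afterwards.
icacls "C:\Program Files\SS1" /deny Everyone:(OI)(CI)F
icacls "C:\Program Files\Rakuraku" /deny Everyone:(OI)(CI)F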
🧯 If You Can't Patch
- Isolate affected systems in a separate network segment with strict access controls
- Implement application allowlisting to prevent execution of unauthorized scripts
🔍 How to Verify
Check if Vulnerable:
Check the installed version of SS1 or Rakuraku PC Cloud Agent against affected version ranges
Check Version:
For SS1: Check Help > About in the application interface; For Rakuraku: Check the agent properties or installed programs list
Verify Fix Applied:
Verify that the installed version is newer than the affected versions, and test that file download functionality is properly restricted
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in application logs
- Multiple failed access attempts followed by successful file downloads
Network Indicators:
- Unexpected file download requests to the application
- Traffic patterns matching exploit chains
SIEM Query:
source="application_logs" AND (event_type="file_access" AND file_path="*application_directory*" AND user="unknown")