CVE-2023-24253

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Domotica Labs srl Ikon Server allows attackers to execute arbitrary SQL commands on the database. It affects all Ikon Server installations before version 2.8.6, potentially compromising sensitive data and system integrity.

💻 Affected Systems

Products:
  • Domotica Labs srl Ikon Server
Versions: All versions before 2.8.6
Operating Systems: Any OS running Ikon Server
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable if running affected versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise including data theft, data manipulation, privilege escalation, and potential remote code execution through database functions.

🟠

Likely Case

Unauthorized access to sensitive data stored in the database, including user credentials, configuration data, and system information.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, especially when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.6

Vendor Advisory: https://www.swascan.com/it/security-advisory-domotica-labs-ikon-server/

Restart Required: Yes

Instructions:

1. Download Ikon Server version 2.8.6 or later from official sources.
2. Back up the current configuration and data.
3. Stop the Ikon Server service.
4. Install the updated version.
5. Restart the Ikon Server service.
6. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (platform: linux)

Restrict network access to Ikon Server to only trusted IP addresses:

# Accept the trusted source on the Ikon Server port, then drop everyone else.
# iptables evaluates rules in order, so these must come before any broader ACCEPT rule on that port.
iptables -A INPUT -p tcp --dport [IKON_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [IKON_PORT] -j DROP

Web Application Firewall (platform: all)

Deploy a WAF with SQL injection protection rules in front of Ikon Server.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in application code
  • Deploy database monitoring to detect SQL injection attempts

🔍 How to Verify

Check if Vulnerable:

Check the Ikon Server version via the web interface or configuration files. If the version is below 2.8.6, the system is vulnerable.

Check Version:

Check the web interface or configuration files for version information.

Verify Fix Applied:

Confirm the version is 2.8.6 or higher and test that SQL injection attempts are blocked.
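The version check above is easy to get wrong at scale: comparing version strings lexically puts "2.8.10" before "2.8.6". The following is an added example (not part of this advisory or the vendor's tooling) that extracts a dotted version from whatever text the web interface or a configuration file yields, compares it numerically against the fixed release 2.8.6, and returns a verdict per host. The hostnames and banner strings are constructed sample input.

```python
import re

# Version in which the vendor fixed CVE-2023-24253 (from the advisory).
FIXED_VERSION = "2.8.6"


def parse_version(text):
    """Extract the first x.y.z version from free text (UI banner, config line)
    and return it as a tuple of ints so that (2, 8, 10) > (2, 8, 6)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the observed Ikon Server version is below the fixed version."""
    return parse_version(version_text) < parse_version(fixed)


def assess(observations):
    """Map (hostname, version_text) pairs to 'vulnerable', 'patched' or 'unknown'.
    'unknown' means no version could be parsed and the host needs a manual look."""
    verdicts = {}
    for host, text in observations:
        try:
            verdicts[host] = "vulnerable" if is_vulnerable(text) else "patched"
        except ValueError:
            verdicts[host] = "unknown"
    return verdicts


# Constructed sample observations; hostnames and banners are assumptions for this example.
SAMPLE = [
    ("ikon-lab-01", "Ikon Server 2.7.9"),
    ("ikon-lab-02", "version=2.8.6"),
    ("ikon-lab-03", "IkonServer v2.8.10"),
    ("ikon-lab-04", "build banner missing"),
]

if __name__ == "__main__":
    for host, verdict in assess(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "unknown" should be treated as unpatched until someone confirms the version by hand; silently skipping them is how a vulnerable installation stays in the fleet.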

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts with SQL-like payloads
  • Unexpected database errors in application logs

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, etc.)
  • Unusual database connection patterns

SIEM Query:

source="*ikon*" AND ("SELECT" OR "UNION" OR "INSERT" OR "DELETE") AND status="200"
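Matching bare keywords such as SELECT in request logs, as the SIEM query above does, catches ordinary search terms as well as attacks, and misses payloads that arrive URL-encoded. The following is an added example (not from this advisory or from Domotica Labs) of detection logic that parses Common Log Format access-log lines, decodes the URL, and flags only requests that carry SQL syntax (a quoted tautology, UNION ... SELECT, a trailing comment terminator, or a stacked statement), then separates successful responses from error responses in the spirit of the query's status="200" filter. The log lines, IP addresses, and paths are constructed sample input and are not Ikon Server endpoints.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Common Log Format). Hosts, paths and
# parameters are assumptions for this example, not anything from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2023:12:00:01 +0000] "GET /login?user=alice&pass=secret HTTP/1.1" 200 512
10.0.0.7 - - [10/Mar/2023:12:00:02 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271&pass=x HTTP/1.1" 200 4096
10.0.0.7 - - [10/Mar/2023:12:00:03 +0000] "GET /items?id=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 200 2048
10.0.0.9 - - [10/Mar/2023:12:00:04 +0000] "GET /search?q=select%20a%20colour HTTP/1.1" 200 300
10.0.0.7 - - [10/Mar/2023:12:00:05 +0000] "GET /items?id=1;%20DROP%20TABLE%20users HTTP/1.1" 500 100
"""

# ip, timestamp, method, URL, status and size fields of a CLF line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Each pattern requires SQL syntax, not just an English word, so a search for
# "select a colour" is not reported while "admin' OR '1'='1" is.
SQLI_PATTERNS = {
    "tautology": re.compile(r"'\s*(or|and)\s*'?\w+'?\s*=\s*'?\w+", re.I),
    "union_select": re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
    "comment_terminator": re.compile(r"(--|#|/\*)\s*$"),
    "stacked_query": re.compile(r";\s*(drop|delete|insert|update|alter)\b", re.I),
}


def parse_line(line):
    """Return the CLF fields as a dict, or None for a line that is not CLF."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(url):
    """Return the names of the injection patterns present in the decoded URL."""
    decoded = unquote_plus(url)  # %27 -> ', %20 and + -> space, etc.
    return [name for name, rx in SQLI_PATTERNS.items() if rx.search(decoded)]


def scan(log_text):
    """Return one hit per suspicious request: (ip, status, raw url, pattern names)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        names = classify(rec["url"])
        if names:
            hits.append((rec["ip"], int(rec["status"]), rec["url"], names))
    return hits


def prioritise(hits):
    """A 2xx response to an injection pattern is the strongest signal (the query may
    have run); a 5xx response suggests the payload broke the query, i.e. probing."""
    return {
        "likely_success": [h for h in hits if 200 <= h[1] < 300],
        "probing": [h for h in hits if h[1] >= 500],
    }


def by_source(hits):
    """Count hits per client IP so repeated probing from one host stands out."""
    counts = {}
    for ip, *_ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for ip, status, url, names in found:
        print(f"{ip} {status} {url} -> {', '.join(names)}")
    print("per source:", by_source(found))
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; the decode step matters because most scanners and browsers send quotes and spaces percent-encoded, so a rule that only inspects the raw request line never sees them.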

🔗 References
