CVE-2023-28481

8.8 HIGH

📋 TL;DR

This vulnerability in TigerGraph Enterprise 3.7.0 allows any code running as the tigergraph user to write arbitrary SSH public keys to the authorized_keys file. This enables attackers to gain password-less SSH access to the system. Organizations running TigerGraph Enterprise 3.7.0 are affected.

💻 Affected Systems

Products:
  • TigerGraph Enterprise
Versions: 3.7.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where TigerGraph Enterprise 3.7.0 is installed and the tigergraph user exists.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through SSH key injection leading to unauthorized access, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Unauthorized SSH access to the TigerGraph server, allowing attackers to execute commands as the tigergraph user and potentially escalate privileges.

🟢

If Mitigated

Limited impact if proper access controls, network segmentation, and monitoring are in place to detect unauthorized SSH key modifications.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires code execution as the tigergraph user, which could be achieved through other vulnerabilities or misconfigurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.7.1 or later

Vendor Advisory: https://neo4j.com/security/cve-2023-28481/

Restart Required: Yes

Instructions:

1. Back up your TigerGraph data and configuration.
2. Download and install TigerGraph Enterprise 3.7.1 or later from the official vendor website.
3. Follow the vendor's upgrade documentation.
4. Restart the TigerGraph services.

🔧 Temporary Workarounds

Restrict SSH authorized_keys file permissions

linux

Change permissions on the authorized_keys file to prevent unauthorized writes

chmod 600 /home/tigergraph/.ssh/authorized_keys
chown tigergraph:tigergraph /home/tigergraph/.ssh/authorized_keys

Monitor SSH key modifications

linux

Set up file integrity monitoring on the authorized_keys file

auditctl -w /home/tigergraph/.ssh/authorized_keys -p wa -k tigergraph_ssh_keys

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized code execution as the tigergraph user
  • Monitor and alert on any modifications to the /home/tigergraph/.ssh/authorized_keys file

🔍 How to Verify

Check if Vulnerable:

Check whether the TigerGraph version is 3.7.0, and verify the permissions on /home/tigergraph/.ssh/authorized_keys with 'ls -la /home/tigergraph/.ssh/authorized_keys'.

Check Version:

gadmin version

Verify Fix Applied:

Verify that the TigerGraph version is 3.7.1 or later, and confirm that the authorized_keys file has mode 600 and the expected ownership.
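The permission workaround and the verification step above both come down to the same checks on one file, and the monitoring workaround wants a way to notice when its contents change. The script below is an added example, not part of this advisory or of any TigerGraph tooling: it records a SHA-256 baseline of a known-good authorized_keys file and then checks mode 600, ownership by the tigergraph user (the expected owner is a parameter, defaulting to tigergraph), and the baseline hash. The paths and the baseline file location are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory or the vendor): integrity check for the
# tigergraph user's authorized_keys file. Verifies mode 600, expected owner, and
# that the file's SHA-256 still matches a previously recorded baseline.

# Octal mode and owner of a file; GNU stat first, BSD stat as a fallback.
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# SHA-256 of a file, using whichever tool the host provides.
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi \
    | awk '{print $1}'
}

# Record the baseline hash once the file is known-good.
# usage: record_baseline <authorized_keys> <baseline_file>
record_baseline() {
  hash_file "$1" > "$2"
}

# Return 0 when mode, owner and hash all match; 1 otherwise, with the reason on stderr.
# usage: check_authorized_keys <authorized_keys> <baseline_file> [expected_owner]
check_authorized_keys() {
  keys="$1"; baseline="$2"; owner="${3:-tigergraph}"
  [ -f "$keys" ] || { echo "missing: $keys" >&2; return 1; }
  mode="$(file_mode "$keys")"
  [ "$mode" = "600" ] || { echo "unexpected mode $mode on $keys" >&2; return 1; }
  actual_owner="$(file_owner "$keys")"
  [ "$actual_owner" = "$owner" ] || { echo "unexpected owner $actual_owner on $keys" >&2; return 1; }
  [ -f "$baseline" ] || { echo "no baseline recorded at $baseline" >&2; return 1; }
  [ "$(hash_file "$keys")" = "$(cat "$baseline")" ] \
    || { echo "$keys changed since baseline was recorded" >&2; return 1; }
  return 0
}

# Typical use on the host (paths are assumptions):
#   record_baseline /home/tigergraph/.ssh/authorized_keys /var/lib/tg-baseline/authorized_keys.sha256
#   check_authorized_keys /home/tigergraph/.ssh/authorized_keys /var/lib/tg-baseline/authorized_keys.sha256
```

Run the check from cron or a monitoring agent and alert on a non-zero exit. Note that mode 600 owned by tigergraph does not by itself stop code already running as the tigergraph user from rewriting the file, since the owner retains write access; it is the hash comparison (or the auditctl watch above) that actually surfaces such a change, so store the baseline somewhere the tigergraph user cannot write.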

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized modifications to /home/tigergraph/.ssh/authorized_keys
  • Unexpected SSH login attempts as tigergraph user

Network Indicators:

  • Unexpected SSH connections to TigerGraph server on port 22

SIEM Query:

source="auth.log" AND (user="tigergraph" OR file="/home/tigergraph/.ssh/authorized_keys")

🔗 References
