CVE-2023-29048
📋 TL;DR
This vulnerability in OX App Suite's OXMF template parser allows attackers to execute arbitrary system commands with the privileges of the non-privileged runtime user. It affects OX App Suite installations where OXMF templates can be processed, potentially leading to unauthorized access and data modification. The vulnerability has been addressed in recent patches.
💻 Affected Systems
- OX App Suite
📦 What is this software?
OX App Suite by Open-Xchange
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain command execution on the server, potentially accessing sensitive data, modifying configurations, or establishing persistence for further attacks.
Likely Case
Limited command execution leading to information disclosure, privilege escalation attempts, or lateral movement within the environment.
If Mitigated
With proper network segmentation and least privilege, impact is contained to the affected application server with limited access to sensitive systems.
🎯 Exploit Status
No publicly available exploits known, but technical details are published in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.10.6 patch release 6248
Vendor Advisory: https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json
Restart Required: Yes
Instructions:
1. Download patch release 6248 from Open-Xchange.
2. Apply the patch following vendor documentation.
3. Restart OX App Suite services.
4. Verify the patch is applied correctly.
🔧 Temporary Workarounds
Disable OXMF template processing
Temporarily disable OXMF template parsing functionality if immediate patching is not possible.
# Configuration changes required in OX App Suite settings
# Consult vendor documentation for specific configuration parameters
🧯 If You Can't Patch
- Implement strict network segmentation to isolate OX App Suite servers from sensitive systems
- Apply principle of least privilege to the OX App Suite runtime user account
🔍 How to Verify
Check if Vulnerable:
Check OX App Suite version against affected versions list. Review system logs for unexpected command execution patterns.
Check Version:
# Check OX App Suite version via admin interface or configuration files
Verify Fix Applied:
Verify OX App Suite version is 7.10.6 patch release 6248 or later. Test OXMF template functionality to ensure commands cannot be executed.
📡 Detection & Monitoring
Log Indicators:
- Unexpected command execution in application logs
- OXMF template processing errors
- Unusual system commands from OX App Suite process
Network Indicators:
- Unusual outbound connections from OX App Suite server
- Suspicious payloads in OXMF template requests
SIEM Query:
source="ox-appsuite" AND (event_type="command_execution" OR template="OXMF")
🔗 References
- http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html
- http://seclists.org/fulldisclosure/2024/Jan/3
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf