CVE-2023-2958 – CVE-2023-2958 is an authorization bypass vulner... (How to Fix)

Q: What is the severity of CVE-2023-2958?

CVE-2023-2958 has a CVSS score of 9.8 (CRITICAL). CVE-2023-2958 is an authorization bypass vulnerability in Origin Software ATS Pro that allows attackers to bypass authentication mechanisms by manipulating user-controlled keys. This affects all ATS Pro installations before version 20230714, potentially enabling unauthorized access to sensitive systems and data.

📋 TL;DR

CVE-2023-2958 is an authorization bypass vulnerability in Origin Software ATS Pro that allows attackers to bypass authentication mechanisms by manipulating user-controlled keys. This affects all ATS Pro installations before version 20230714, potentially enabling unauthorized access to sensitive systems and data.

💻 Affected Systems

Products:

Origin Software ATS Pro

Versions: All versions before 20230714

Operating Systems: Any OS running ATS Pro

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments of ATS Pro before the patched version are vulnerable regardless of configuration.

📦 What is this software?

Ats Pro by Orjinyazilim

View all CVEs affecting Ats Pro →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to gain administrative privileges, access sensitive HR data, manipulate recruitment processes, and potentially pivot to other systems.

🟠

Likely Case

Unauthorized access to applicant tracking system data including resumes, personal information, interview notes, and internal hiring processes.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only exposing non-sensitive application data.

🌐 Internet-Facing: HIGH - If the ATS Pro instance is exposed to the internet, attackers can directly exploit this vulnerability without internal access.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to escalate privileges within the ATS system.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The CWE-639 classification suggests attackers can manipulate keys/identifiers to bypass authorization checks, typically requiring minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20230714 or later

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-23-0410

Restart Required: Yes

Instructions:

1. Contact Origin Software for the latest patched version (20230714+). 2. Backup current ATS Pro installation and data. 3. Apply the update following vendor instructions. 4. Restart the ATS Pro service. 5. Verify functionality post-update.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to ATS Pro to only authorized internal IP addresses

Web Application Firewall Rules

all

Implement WAF rules to block suspicious authentication bypass attempts

🧯 If You Can't Patch

Implement strict network segmentation and firewall rules to limit access to ATS Pro
Enable detailed authentication and authorization logging and monitor for suspicious access patterns

🔍 How to Verify

Check if Vulnerable:

Check ATS Pro version in administration panel or configuration files. If version is earlier than 20230714, the system is vulnerable.

Check Version:

Check ATS Pro web interface admin panel or consult vendor documentation for version checking method.

Verify Fix Applied:

Verify version is 20230714 or later in administration panel and test authentication flows with various user roles.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication patterns
Access from unexpected user accounts
Failed authorization attempts followed by successful access

Network Indicators:

Unusual HTTP requests to authentication endpoints
Requests with manipulated session or user identifiers

SIEM Query:

source="ats_pro" AND (event_type="auth_bypass" OR (auth_result="success" AND user_role_change="unexpected"))

📊 Metadata

CVE ID: CVE-2023-2958

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-639

Published: July 17, 2023

Last Updated: November 21, 2024

🔗 References

https://www.usom.gov.tr/bildirim/tr-23-0410 Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-23-0410 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-2958, you might also want to check these: