Login Sign Up

CVE-2023-30995

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to bypass IP whitelist restrictions in IBM Aspera Faspex by sending specially crafted HTTP requests. Affected organizations using Faspex for file transfers could have unauthorized access to their transfer systems. This impacts IBM Aspera Faspex versions 4.0-4.4.2 and 5.0-5.0.5.

💻 Affected Systems

Products:
  • IBM Aspera Faspex
Versions: 4.0 through 4.4.2 and 5.0 through 5.0.5
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using IP whitelist restrictions. Systems without IP restrictions configured are not vulnerable to this bypass.

📦 What is this software?

Aspera Faspex by Ibm

View all CVEs affecting Aspera Faspex →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized external actors gain access to file transfer systems, potentially exfiltrating sensitive data or uploading malicious files to internal networks.

🟠

Likely Case

Attackers bypass IP-based access controls to access file transfer functionality they shouldn't have, potentially viewing or intercepting file transfers.

🟢

If Mitigated

Attackers are blocked by additional authentication layers or network segmentation, limiting impact to the Faspex application only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted HTTP requests but does not require authentication if IP whitelist is the only protection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.2 Patch Level 1 and 5.0.5 Patch Level 1

Vendor Advisory: https://www.ibm.com/support/pages/node/7029681

Restart Required: Yes

Instructions:

1. Download appropriate patch from IBM Fix Central. 2. Stop Aspera Faspex services. 3. Apply patch according to IBM instructions. 4. Restart services. 5. Verify patch application.

🔧 Temporary Workarounds

Network ACL Restriction

all

Implement network-level access controls to restrict Faspex access to trusted IP ranges

Disable IP Whitelist Feature

all

Remove IP whitelist configuration and rely on other authentication methods

🧯 If You Can't Patch

  • Implement additional authentication layers (MFA, certificate-based auth)
  • Isolate Faspex server in DMZ with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check Faspex version via admin interface or configuration files. Versions 4.0-4.4.2 and 5.0-5.0.5 without patches are vulnerable.

Check Version:

Check Aspera Faspex web admin interface or configuration files for version information

Verify Fix Applied:

Verify patch is applied by checking version includes 'Patch Level 1' or higher in admin interface.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with unusual headers or parameters attempting to bypass restrictions
  • Access from IP addresses outside whitelist ranges

Network Indicators:

  • HTTP traffic to Faspex with crafted headers
  • Unexpected source IPs accessing Faspex endpoints

SIEM Query:

source_ip NOT IN whitelist_ips AND destination_port=33001 AND http_user_agent CONTAINS 'Aspera'

📊 Metadata

CVE ID: CVE-2023-30995
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-863
Published: September 8, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-30995, you might also want to check these:

CVE-2023-4617 10.0

This vulnerability allows remote attackers to bypass authorization controls in the Govee Home mobile...

Same vulnerability type (CWE-863)
CVE-2025-54253 10.0

CVE-2025-54253 is a critical misconfiguration vulnerability in Adobe Experience Manager Forms that a...

Same vulnerability type (CWE-863)
CVE-2021-38503 10.0

This vulnerability allows malicious iframes to bypass sandbox restrictions when loading XSLT stylesh...

Same vulnerability type (CWE-863)