CVE-2023-31295

7.5 HIGH

📋 TL;DR

A CSV injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 allows remote attackers to extract sensitive information via the User Profile field. This affects organizations using the vulnerable CPTO software for cash management and transport optimization. Attackers can potentially access confidential data through crafted CSV exports.

💻 Affected Systems

Products:
  • Sesami Cash Point & Transport Optimizer (CPTO)
Versions: Version 6.3.8.6 (build #718)
Operating Systems: Windows (primary deployment platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the User Profile field functionality within CPTO software used for cash management operations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete exposure of sensitive user data, financial information, and system credentials leading to data breaches, financial fraud, and system compromise.

🟠 Likely Case

Extraction of user profile information including names, contact details, and potentially authentication data through malicious CSV file generation.

🟢 If Mitigated

Limited data exposure with proper input validation and output encoding preventing successful exploitation.

🌐 Internet-Facing: MEDIUM - Requires user interaction with CSV exports but could be exploited through phishing or social engineering.
🏢 Internal Only: HIGH - Internal users with access to user profile exports could exploit this vulnerability to extract sensitive data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to generate CSV exports but uses simple CSV injection techniques that are well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 6.3.8.7 or later

Vendor Advisory: https://herolab.usd.de/en/security-advisories/usd-2022-0053/

Restart Required: Yes

Instructions:

1. Contact Sesami support for updated version.
2. Backup current configuration.
3. Install version 6.3.8.7 or later.
4. Restart CPTO services.
5. Verify functionality.

🔧 Temporary Workarounds

Disable CSV Export Functionality (platform: windows)

Temporarily disable CSV export features for user profiles to prevent exploitation.

Modify CPTO configuration to remove CSV export permissions

Input Validation Filter (platform: all)

Implement server-side validation to sanitize CSV output from user profile fields.

Add input sanitization for CSV special characters (=, +, -, @, |)
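
One way to implement the output sanitization described in this workaround, and to audit exports that already exist, as an added Python example (not code from Sesami or the advisory). All function names and the sample rows are hypothetical; the tab and carriage-return triggers and the apostrophe prefix follow OWASP's CSV injection guidance rather than this page.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell. The first five
# are the list given above; tab and carriage return are added from OWASP's
# CSV injection guidance (an assumption beyond this advisory).
TRIGGERS = ("=", "+", "-", "@", "|", "\t", "\r")


def is_formula_like(value):
    """True if a spreadsheet could evaluate this cell instead of showing it."""
    text = str(value)
    if not text.lstrip(" ").startswith(TRIGGERS):
        return False
    try:
        float(text)  # "-42.50" or "+3" is a plain amount, not a formula
        return False
    except ValueError:
        return True


def neutralize(value):
    """Prefix risky cells with an apostrophe so they are rendered as text."""
    text = str(value)
    return "'" + text if is_formula_like(text) else text


def export_profiles(rows):
    """Write rows as CSV with every cell neutralized and quoted."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(cell) for cell in row])
    return out.getvalue()


def find_formula_cells(csv_text):
    """Audit an existing export: return (row, column, value) for risky cells."""
    reader = csv.reader(io.StringIO(csv_text))
    return [(r, c, cell) for r, row in enumerate(reader, 1)
            for c, cell in enumerate(row, 1) if is_formula_like(cell)]


# Constructed sample rows: user name, profile text, balance.
SAMPLE = [["alice", "Branch manager", "-42.50"],
          ["bob", "=1+1", "10"],
          ["carol", "@SUM(A1:A2)", "+3"]]
```

The numeric check keeps negative cash amounts intact, which matters for a cash management export. The apostrophe prefix changes the stored value, so any program that parses these exports needs to strip it.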

🧯 If You Can't Patch

  • Implement strict access controls limiting CSV export capabilities to trusted administrators only.
  • Monitor and audit all CSV export activities for suspicious patterns or unusual data extraction.

🔍 How to Verify

Check if Vulnerable:

Check the CPTO version in the application settings or About dialog. If the version is exactly 6.3.8.6 (#718), the system is vulnerable.

Check Version:

Check CPTO application menu → Help → About or examine installed programs in Windows Control Panel.

Verify Fix Applied:

Verify installed version is 6.3.8.7 or later and test CSV export functionality with malicious payloads in user profile fields.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CSV export activities
  • Multiple large CSV exports in short time
  • Export requests with special characters in user fields

Network Indicators:

  • Unexpected CSV file downloads from CPTO server
  • CSV files with formula injection patterns

SIEM Query:

source="cpto_logs" AND (event="csv_export" OR file_type="csv") AND (user_field CONTAINS "=" OR user_field CONTAINS "+" OR user_field CONTAINS "@")
