CVE-2023-33284

8.8 HIGH

📋 TL;DR

Marval MSM versions through 14.19.0.12476 and 15.0 contain a deserialization vulnerability (CWE-502) that allows authenticated remote attackers to execute arbitrary code on the web server. Any user with valid credentials can exploit this to gain full control of the affected system. Organizations running vulnerable Marval MSM installations are at risk.

💻 Affected Systems

Products:
  • Marval MSM
Versions: Through 14.19.0.12476 and 15.0
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within affected version range are vulnerable. Requires any valid user authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the web server, lateral movement to other systems, data exfiltration, ransomware deployment, and persistent backdoor installation.

🟠 Likely Case

Attacker gains web server privileges, accesses sensitive data within Marval MSM, and potentially compromises the underlying operating system.

🟢 If Mitigated

With proper network segmentation and least privilege, impact limited to the Marval MSM application and its data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid user credentials but is otherwise straightforward due to the deserialization vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 14.19.0.12476 and 15.0

Vendor Advisory: https://www.marvalglobal.com/security-advisories

Restart Required: Yes

Instructions:

1. Contact Marval support for the latest security patches.
2. Apply patches to all affected Marval MSM servers.
3. Restart the Marval MSM service and web server.
4. Verify the patch is applied successfully.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict access to Marval MSM web interface to trusted IP addresses only

Credential Hardening (all platforms)

Implement strong password policies, MFA, and regular credential rotation

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Marval MSM web interface
  • Monitor for unusual authentication patterns and file creation/modification on Marval MSM servers

🔍 How to Verify

Check if Vulnerable:

Check Marval MSM version in administration console or via installed program information

Check Version:

Check Marval MSM web interface administration panel or installed programs list

Verify Fix Applied:

Confirm version is updated beyond affected versions and test functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation in web directories
  • Suspicious process execution from web server context
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unusual outbound connections from web server
  • HTTP requests with serialized data payloads

SIEM Query:

source="marval_msm" AND (event_type="file_creation" OR event_type="process_execution")
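
The SIEM query above matches every file creation and process execution on its own. As an added example (not vendor or Marval code), the sketch below correlates those events with the "multiple failed authentication attempts followed by successful login" indicator; the event schema, field names, thresholds and sample records are constructed assumptions, not the Marval MSM log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Field names and values are assumptions for
# illustration, not Marval MSM's actual log schema.
SAMPLE_EVENTS = [
    {"ts": "2023-06-01T10:00:05", "host": "msm01", "user": "jdoe", "event_type": "login_failed"},
    {"ts": "2023-06-01T10:00:09", "host": "msm01", "user": "jdoe", "event_type": "login_failed"},
    {"ts": "2023-06-01T10:00:14", "host": "msm01", "user": "jdoe", "event_type": "login_failed"},
    {"ts": "2023-06-01T10:00:30", "host": "msm01", "user": "jdoe", "event_type": "login_success"},
    {"ts": "2023-06-01T10:02:10", "host": "msm01", "user": None, "event_type": "process_execution"},
    {"ts": "2023-06-01T10:03:00", "host": "msm01", "user": None, "event_type": "file_creation"},
    {"ts": "2023-06-01T11:00:00", "host": "msm01", "user": "asmith", "event_type": "login_failed"},
    {"ts": "2023-06-01T11:00:20", "host": "msm01", "user": "asmith", "event_type": "login_success"},
    {"ts": "2023-06-01T14:00:00", "host": "msm01", "user": None, "event_type": "file_creation"},
]

FOLLOW_UP_TYPES = {"file_creation", "process_execution"}


def correlate(events, min_failures=3, fail_window=timedelta(minutes=10),
              follow_window=timedelta(minutes=15)):
    """Flag logins preceded by repeated failures, with later host activity attached."""
    failures = defaultdict(list)  # (host, user) -> failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["user"])
        kind = ev["event_type"]
        if kind == "login_failed":
            failures[key].append(ts)
        elif kind == "login_success":
            recent = [t for t in failures[key] if ts - t <= fail_window]
            failures[key].clear()  # a success resets the failure streak
            if len(recent) >= min_failures:
                alerts.append({"host": ev["host"], "user": ev["user"],
                               "login_ts": ts, "failures": len(recent), "follow_ups": []})
        elif kind in FOLLOW_UP_TYPES:
            # Attach web-server activity to any flagged login on the same host
            # that occurred within follow_window before this event.
            for alert in alerts:
                if alert["host"] == ev["host"] and ts - alert["login_ts"] <= follow_window:
                    alert["follow_ups"].append(kind)
    return alerts
```

An alert with a non-empty `follow_ups` list is the higher-priority case to triage, since it pairs the authentication pattern with web-server activity on the same host.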
