CVE-2023-37569

CVSS Score: 8.8 HIGH

📋 TL;DR

This vulnerability allows remote, authenticated attackers to execute arbitrary operating system commands on ESDS Emagic Data Center Management Suite systems because the Ping component does not properly sanitize its input. Any organization running this software is affected; a successful attacker gains full control of the targeted system.

💻 Affected Systems

Products:
  • ESDS Emagic Data Center Management Suite
Versions: Version 6.0 (likely earlier versions too)
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, lateral movement within the network, and persistent backdoor installation.

🟠 Likely Case

Attacker gains shell access to the server, exfiltrates sensitive data, and uses the compromised system as a foothold for further attacks.

🟢 If Mitigated

Limited impact due to network segmentation, least privilege access, and command execution restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available on Packet Storm Security. Attack requires valid credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226

Restart Required: No

Instructions:

1. Check the vendor website for security updates.
2. Apply any available patches.
3. Verify the fix by testing the Ping functionality.

🔧 Temporary Workarounds

Disable Ping Component (applies to: all)

Temporarily disable or restrict access to the vulnerable Ping functionality.

Network Segmentation (applies to: all)

Isolate the management interface from untrusted networks.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the management interface
  • Apply principle of least privilege to user accounts and monitor for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Test the Ping functionality with command injection payloads (e.g., ; whoami) if authorized.

Check Version:

Check the software version in the management interface or via vendor documentation.

Verify Fix Applied:

Retest with the same payloads to confirm command execution is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in system logs
  • Multiple failed authentication attempts followed by successful login
  • Suspicious processes spawned from the management service

Network Indicators:

  • Unusual outbound connections from the management server
  • Traffic patterns indicating command and control activity

SIEM Query:

source="emagic_logs" AND (command="ping" AND (payload="*;*" OR payload="*|*" OR payload="*`*"))
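The following Python is an added example, not code from the page or from the vendor: it shows the allow-list validation the Ping component should have applied to its host parameter, a shell-free way to build the ping command, and the same metacharacter check as the SIEM query above run over constructed log lines. The key=value log layout and field names are assumptions; the real Emagic log format is not documented here.

```python
import ipaddress
import re

# Shell metacharacters a shell-invoked ping would interpret; the SIEM query
# above hunts for ';', '|' and '`' in the payload field, this set is broader.
SHELL_META = re.compile(r"[;|`&$<>(){}\n\r]")
# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)

def is_valid_ping_target(target: str) -> bool:
    """Allow-list check: an IP literal or an RFC 1123 hostname, nothing else."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(target))

def build_ping_argv(target: str, count: int = 1) -> list:
    """Argument vector for a shell-free call (subprocess.run(argv, shell=False));
    validated targets cannot start with '-' so they cannot be read as options."""
    if not is_valid_ping_target(target):
        raise ValueError(f"rejected ping target: {target!r}")
    return ["ping", "-c", str(count), target]

# Constructed sample log lines in a hypothetical key=value layout; the real
# Emagic log format is not documented on the page.
SAMPLE_LOGS = """\
2023-07-10T10:01:02Z user=admin command=ping payload=10.0.0.5
2023-07-10T10:01:09Z user=admin command=ping payload=10.0.0.5;id
2023-07-10T10:01:15Z user=ops command=traceroute payload=10.0.0.5|id
2023-07-10T10:02:40Z user=ops command=ping payload=`hostname`
2023-07-10T10:03:01Z user=ops command=ping payload=host01.corp.example
"""
LOG_RE = re.compile(r"user=(\S+) command=(\S+) payload=(.*)$")

def suspicious_ping_events(log_text: str) -> list:
    """Mirror the SIEM query: ping requests whose payload carries shell
    metacharacters or is not a clean host target. Returns (user, payload) pairs."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group(2) != "ping":
            continue
        user, _, payload = m.groups()
        if SHELL_META.search(payload) or not is_valid_ping_target(payload):
            hits.append((user, payload))
    return hits
```

The traceroute line is deliberately ignored to match the query's `command="ping"` filter; widen the command check if other network tools on the appliance take a host argument.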
