CVE-2023-37601 – Office Suite Premium v10.9.1.42602 contains a l... (How to Fix)

Q: What is the severity of CVE-2023-37601?

CVE-2023-37601 has a CVSS score of 7.5 (HIGH). Office Suite Premium v10.9.1.42602 contains a local file inclusion vulnerability via the /etc/hosts component. This allows attackers to read arbitrary files on the system. Users running this specific version are affected.

📋 TL;DR

Office Suite Premium v10.9.1.42602 contains a local file inclusion vulnerability via the /etc/hosts component. This allows attackers to read arbitrary files on the system. Users running this specific version are affected.

💻 Affected Systems

Products:

Office Suite Premium

Versions: v10.9.1.42602

Operating Systems: All platforms running this software

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in the specific version mentioned; other versions may also be affected but not confirmed.

📦 What is this software?

Office Suite by Mobisystems

View all CVEs affecting Office Suite →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through reading sensitive files like /etc/shadow, SSH keys, or configuration files containing credentials.

🟠

Likely Case

Information disclosure of sensitive system files, potentially leading to credential theft or further exploitation.

🟢

If Mitigated

Limited to reading non-sensitive files if proper file permissions and access controls are implemented.

🌐 Internet-Facing: HIGH if the vulnerable component is exposed to the internet, as exploitation requires no authentication.

🏢 Internal Only: MEDIUM for internal systems, as attackers would need internal network access but exploitation is straightforward.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on Packet Storm, making this easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check vendor website for updates or contact vendor support for patching guidance.

🔧 Temporary Workarounds

Restrict file access permissions

linux

Set strict file permissions on sensitive system files to prevent reading via LFI.

chmod 600 /etc/shadow
chmod 600 /etc/passwd

Network segmentation

all

Isolate affected systems from untrusted networks to limit attack surface.

🧯 If You Can't Patch

Disable or remove the vulnerable component if not essential.
Implement web application firewall (WAF) rules to block LFI attempts.

🔍 How to Verify

Check if Vulnerable:

Check if Office Suite Premium version is 10.9.1.42602 via software settings or vendor documentation.

Check Version:

Check software version in application settings or vendor-provided tools.

Verify Fix Applied:

Verify by testing if LFI attempts via /etc/hosts are blocked or patched version is installed.

📡 Detection & Monitoring

Log Indicators:

Unusual file access attempts to /etc/hosts or other system files in application logs.

Network Indicators:

HTTP requests containing file paths like /etc/hosts or directory traversal patterns.

SIEM Query:

source="app_logs" AND (path="/etc/hosts" OR path CONTAINS "../")

📊 Metadata

CVE ID: CVE-2023-37601

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: July 20, 2023

Last Updated: November 21, 2024

🔗 References

https://packetstormsecurity.com/files/173146/Office-Suite-Premium-10.9.1.42602-Local-File-Inclusion.html Exploit,Third Party Advisory,VDB Entry
https://packetstormsecurity.com/files/173146/Office-Suite-Premium-10.9.1.42602-Local-File-Inclusion.html Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-37601, you might also want to check these: