CVE-2023-38886

7.2 HIGH

📋 TL;DR

This vulnerability allows remote authenticated attackers with privileged access to execute arbitrary commands on Dolibarr ERP CRM systems. Attackers can exploit this to run malicious scripts or commands on the server, potentially compromising the entire system. Organizations running Dolibarr versions 17.0.1 and earlier are affected.

💻 Affected Systems

Products:
  • Dolibarr ERP CRM
Versions: 17.0.1 and earlier
Operating Systems: All platforms running Dolibarr
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated privileged access to exploit. All default installations within affected version range are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data theft, ransomware deployment, lateral movement within the network, and persistent backdoor installation.

🟠

Likely Case

Privileged attacker gains remote code execution, potentially accessing sensitive business data, modifying configurations, or disrupting operations.

🟢

If Mitigated

With proper network segmentation, least-privilege access, and monitoring, impact is limited to the isolated application server, with minimal data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details published in security advisory. Requires authenticated privileged user access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 17.0.2 and later

Vendor Advisory: http://dolibarr.com

Restart Required: No

Instructions:

1. Backup your Dolibarr installation and database.
2. Download and install Dolibarr version 17.0.2 or later from the official website.
3. Follow the upgrade instructions provided by Dolibarr.
4. Verify the installation is functioning correctly.

🔧 Temporary Workarounds

Restrict Privileged Access

Limit the number of users with administrative privileges and implement strong authentication controls.

Network Segmentation

Place Dolibarr servers in isolated network segments with strict firewall rules limiting inbound access.

🧯 If You Can't Patch

  • Implement strict access controls and monitor privileged user activity closely
  • Deploy web application firewall (WAF) with command injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check Dolibarr version in admin interface or by examining the installation files. Versions 17.0.1 and earlier are vulnerable.

Check Version:

Check the version.php file in Dolibarr installation directory or view version in admin dashboard.

Verify Fix Applied:

Verify Dolibarr version is 17.0.2 or later and test that command injection attempts are properly sanitized.
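The version check above is easy to get wrong by hand (a string comparison puts "17.0.10" before "17.0.2"). The following helper is an added example, not Dolibarr project code or part of this advisory: it parses a version string, compares it numerically against the fixed release 17.0.2 named above, and can pull the version out of a PHP define of the form define('DOL_VERSION', '...'), which is an assumption about the version file layout rather than something this page states.

```python
"""Version check helper for CVE-2023-38886 (added example, not Dolibarr code).

Assumptions (not from the advisory): the installed version is available as a
string such as "17.0.1", either copied from the admin dashboard or extracted
from a PHP define like  define('DOL_VERSION', '17.0.1');  in the install tree.
"""
import re
from pathlib import Path
from typing import Optional

FIXED_VERSION = "17.0.2"   # first fixed release named in the advisory

# Matches define('DOL_VERSION', '17.0.1'); with either quote style (assumed layout)
_DEFINE_RE = re.compile(
    r"""define\(\s*['"]DOL_VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)"""
)


def parse_version(text: str) -> tuple:
    """Turn '17.0.1', '17.0.1-beta' or '16.0' into a comparable tuple of ints.

    Pre-release suffixes after '-', '+' or a space are dropped; missing
    components are padded with 0 so '16.0' compares as (16, 0, 0).
    """
    core = re.split(r"[-+ ]", text.strip(), maxsplit=1)[0]
    parts = []
    for piece in core.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            raise ValueError(f"unparseable version component: {piece!r}")
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when installed < fixed (numeric, so 17.0.10 is NOT vulnerable)."""
    return parse_version(installed) < parse_version(fixed)


def extract_version_from_php(source: str) -> Optional[str]:
    """Find a define('DOL_VERSION', '...') in PHP source text (assumed layout)."""
    m = _DEFINE_RE.search(source)
    return m.group(1) if m else None


def check_source(source: str) -> dict:
    """Report whether the version found in PHP source is in the affected range."""
    version = extract_version_from_php(source)
    if version is None:
        return {"version": None, "vulnerable": None, "note": "DOL_VERSION not found"}
    return {"version": version, "vulnerable": is_vulnerable(version), "note": ""}


def check_install(version_file: Path) -> dict:
    """Same check, reading the version file from disk."""
    return check_source(version_file.read_text(encoding="utf-8"))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_install(Path(sys.argv[1])))
    else:
        # Constructed sample standing in for a real installation's version file.
        sample = "<?php\n// constructed sample\ndefine('DOL_VERSION', '17.0.1');\n"
        print(check_source(sample))  # {'version': '17.0.1', 'vulnerable': True, 'note': ''}
```

Run it with the path to the file that carries the version define, or with no argument to see the constructed sample evaluated. After upgrading, the same check against the new tree should report vulnerable: False; the page's advice to also confirm that command injection attempts are sanitized still stands, since a version number alone does not prove the fix is active.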

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in application logs
  • Multiple failed authentication attempts followed by successful privileged login
  • Suspicious system commands executed via web interface

Network Indicators:

  • Unusual outbound connections from Dolibarr server
  • Command and control traffic patterns

SIEM Query:

source="dolibarr.log" AND (command* OR exec* OR system* OR shell*) AND user="admin"
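To show how the log indicators and the SIEM query above can be turned into working detection logic, here is an added example (not Dolibarr code or part of this advisory). It runs over constructed, Dolibarr-style log lines whose field layout is an assumption for this example; map the field names to whatever your Dolibarr or syslog pipeline actually emits. It covers two of the indicators listed: a run of failed logins followed by a successful privileged login, and privileged-user actions whose message contains the command/exec/system/shell tokens from the query.

```python
"""Detection sketch for the indicators listed above (added example, not
Dolibarr code). The log format is constructed for this example:

    <ISO timestamp> user=<name> event=<login_failed|login_ok|action> [msg="..."]
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Same tokens as the SIEM query above (command*, exec*, system*, shell*)
SUSPICIOUS = re.compile(r"\b(command|exec|system|shell)\w*", re.IGNORECASE)
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+)(?: msg="(?P<msg>[^"]*)")?$'
)

PRIVILEGED = {"admin"}          # assumed set of privileged account names
FAIL_THRESHOLD = 3              # failures that make a following success suspicious
FAIL_WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def analyze(lines):
    """Return a list of (timestamp, user, alert_type, detail) tuples."""
    alerts = []
    recent_failures = defaultdict(deque)   # user -> timestamps of failed logins

    def trim(q, now):
        while q and now - q[0] > FAIL_WINDOW:
            q.popleft()

    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, user, event, msg = rec["ts"], rec["user"], rec["event"], rec["msg"] or ""
        if event == "login_failed":
            q = recent_failures[user]
            q.append(ts)
            trim(q, ts)
        elif event == "login_ok":
            q = recent_failures[user]
            trim(q, ts)
            if user in PRIVILEGED and len(q) >= FAIL_THRESHOLD:
                alerts.append((ts, user, "brute_force_then_privileged_login",
                               f"{len(q)} failed logins within {FAIL_WINDOW}"))
            q.clear()
        elif user in PRIVILEGED and SUSPICIOUS.search(msg):
            alerts.append((ts, user, "suspicious_privileged_action", msg))
    return alerts


# Constructed sample log: three admin failures, then success, then an
# admin action whose message carries one of the query tokens.
SAMPLE_LOG = [
    "2023-08-01T10:00:01 user=admin event=login_failed",
    "2023-08-01T10:00:05 user=admin event=login_failed",
    "2023-08-01T10:00:09 user=admin event=login_failed",
    "2023-08-01T10:00:20 user=admin event=login_ok",
    '2023-08-01T10:01:00 user=admin event=action msg="updated invoice template"',
    '2023-08-01T10:02:00 user=admin event=action msg="exec hook triggered for module setup"',
    '2023-08-01T10:03:00 user=alice event=action msg="shell-like text in a note"',
    "2023-08-01T10:04:00 user=alice event=login_failed",
    "2023-08-01T10:05:00 user=alice event=login_ok",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Only the two admin events produce alerts; alice's note containing "shell" and her single failed login are ignored because she is not in the privileged set and does not cross the failure threshold. That is the point of combining the keyword match with the user and sequence context: the bare SIEM query above will match any log line containing those tokens, so scoping it to privileged accounts and to login sequences keeps the alert volume reviewable.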

🔗 References