CVE-2023-39144

7.5 HIGH

📋 TL;DR

Element55 KnowMore appliances version 21 and older store passwords in plaintext, allowing attackers with access to the system to read sensitive credentials. This affects all organizations using vulnerable versions of the KnowMore appliance.

💻 Affected Systems

Products:
  • Element55 KnowMore Appliance
Versions: Version 21 and older
Operating Systems: Appliance-specific OS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative access to the appliance, potentially compromising all stored data and using credentials to pivot to other systems.

🟠 Likely Case

Attackers with existing access (malicious insider or compromised account) extract passwords to escalate privileges or access sensitive information.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to credential exposure without lateral movement.

🌐 Internet-Facing: MEDIUM - While the vulnerability itself doesn't allow remote exploitation, internet-facing appliances increase attack surface for credential theft if other vulnerabilities exist.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can easily extract plaintext passwords for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of system access to read stored password files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 22 or newer

Vendor Advisory: https://getknowmore.com/

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download and install version 22 or newer from the vendor portal.
3. Restart the appliance.
4. Verify passwords are now encrypted.

🔧 Temporary Workarounds

Restrict File Access

linux

Limit access to password storage files using file permissions

chmod 600 /path/to/password/files
chown root:root /path/to/password/files

Enable Additional Authentication

all

Implement multi-factor authentication to reduce impact of credential theft

🧯 If You Can't Patch

  • Isolate appliance on network segment with strict access controls
  • Implement comprehensive monitoring and alerting for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check appliance version via web interface or SSH, or examine password storage files for plaintext content

Check Version:

ssh admin@appliance 'cat /etc/version' or check web admin interface

Verify Fix Applied:

Verify version is 22+ and password files show encrypted/hashed content instead of plaintext

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access to password storage files
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unusual SSH or administrative access patterns
  • Data exfiltration from appliance

SIEM Query:

source="knowmore_appliance" AND ((event="file_access" AND file_path="*password*") OR (event="auth" AND result="success" AFTER result="failure"))
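
The "success AFTER failure" clause in the query above is a sequence condition that most query languages cannot express in a single filter. The following added example (not vendor code and not from the original page) implements both log indicators as a stateful pass over events. The key=value log layout, the ts, user and src fields, the sample file paths and the thresholds are assumptions; the event, file_path and result field names are taken from the query.

```python
import fnmatch
import shlex
from collections import defaultdict

# Constructed sample events (not real appliance output). Field names event,
# file_path and result come from the query above; ts, user and src are assumed.
SAMPLE_LOG = """\
ts=1700000000 event=auth user=admin src=10.0.0.5 result=failure
ts=1700000020 event=auth user=admin src=10.0.0.5 result=failure
ts=1700000041 event=auth user=admin src=10.0.0.5 result=failure
ts=1700000065 event=auth user=admin src=10.0.0.5 result=success
ts=1700000090 event=file_access user=admin src=10.0.0.5 file_path="/data/conf/password.db"
ts=1700000200 event=auth user=backup src=10.0.0.9 result=failure
ts=1700009000 event=auth user=backup src=10.0.0.9 result=success
ts=1700009100 event=file_access user=backup src=10.0.0.9 file_path="/var/log/app.log"
"""

def parse(line):
    """Split one key=value line into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def detect(log_text, min_failures=3, window=300):
    """Alert on password-file reads and on failure bursts that end in a success."""
    alerts = []
    failures = defaultdict(list)  # (user, src) -> timestamps of pending failures
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        ts, key = int(ev["ts"]), (ev.get("user"), ev.get("src"))
        if ev.get("event") == "file_access":
            # Same wildcard as the query: any path containing "password".
            if fnmatch.fnmatch(ev.get("file_path", "").lower(), "*password*"):
                alerts.append(("password_file_access", key, ts))
        elif ev.get("event") == "auth":
            if ev.get("result") == "failure":
                failures[key].append(ts)
            elif ev.get("result") == "success":
                # A success clears the history; alert only if enough failures
                # from the same user and source fall inside the time window.
                recent = [t for t in failures.pop(key, []) if ts - t <= window]
                if len(recent) >= min_failures:
                    alerts.append(("success_after_failures", key, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Keying the failure history on both user and source keeps a single mistyped password followed by a later login, as with the backup account in the sample, from raising an alert.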
