CVE-2023-41357

8.8 HIGH

📋 TL;DR

CVE-2023-41357 is an unrestricted file upload vulnerability in the Vitals ESP knowledge base management portal from Galaxy Software Services Corporation. Authenticated users can upload malicious scripts to arbitrary directories, which can lead to remote code execution. Organizations running vulnerable versions of Vitals ESP are affected.

💻 Affected Systems

Products:
  • Galaxy Software Services Corporation Vitals ESP
Versions: Specific versions not detailed in references, but all versions before vendor patch are likely affected.
Operating Systems: Windows (likely, based on typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; general user privilege is sufficient.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through remote code execution, data theft, service disruption, and lateral movement within the network.

🟠 Likely Case: Unauthorized file upload leading to web shell deployment, limited data access, and potential service disruption.

🟢 If Mitigated: File uploads blocked or properly validated, limiting impact to failed upload attempts only.

🌐 Internet-Facing: HIGH - Internet-facing instances allow authenticated attackers to exploit remotely.
🏢 Internal Only: HIGH - Internal instances remain vulnerable to authenticated insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references; check vendor advisory for exact version.

Vendor Advisory: https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html

Restart Required: Yes

Instructions:

1. Contact Galaxy Software Services for patch details.
2. Apply the provided patch.
3. Restart the Vitals ESP service.
4. Verify the fix.

🔧 Temporary Workarounds

Restrict File Upload Types

all

Configure web server or application to block uploads of executable file types.

# Configure in web server (e.g., Apache/IIS) to deny .php, .asp, .jsp, etc.

Implement File Validation

all

Add server-side validation to check file extensions and content.

# Implement in application code to validate file type and size
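As an added illustration of the server-side validation workaround above (example code written for this page, not part of Vitals ESP or the vendor's patch), the following Python function refuses executable extensions anywhere in the name, checks the content against the declared type, and discards any client-supplied directory so the file always lands inside the configured upload root. The allowlist, magic-byte table and size limit are assumed values to adjust per deployment.

```python
import os

# Extensions the portal legitimately needs: an allowlist, not a denylist (assumed values, adjust per deployment)
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "txt", "docx"}
# Never accepted, even as an inner extension such as shell.php.jpg
EXECUTABLE_EXTENSIONS = {"php", "phtml", "asp", "aspx", "jsp", "jspx", "cgi", "exe"}
# Leading bytes expected for some allowed types, so the content must match the declared type
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "docx": b"PK\x03\x04"}
MAX_BYTES = 10 * 1024 * 1024  # assumed limit


class UploadRejected(ValueError):
    pass


def safe_upload_path(filename: str, content: bytes, upload_root: str) -> str:
    """Return the absolute destination path under upload_root, or raise UploadRejected."""
    if len(content) > MAX_BYTES:
        raise UploadRejected("file too large")
    if "\x00" in filename:
        raise UploadRejected("null byte in filename")
    # Keep only the final path component: the client must not be able to choose the directory
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise UploadRejected("empty or invalid filename")
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        raise UploadRejected("missing extension")
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:]):
        raise UploadRejected("executable extension")
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension .{ext} not allowed")
    magic = MAGIC.get(ext)
    if magic is not None and not content.startswith(magic):
        raise UploadRejected("content does not match extension")
    # Defence in depth: confirm the resolved path is still inside the upload root
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, base))
    if os.path.commonpath([root, dest]) != root:
        raise UploadRejected("path escapes upload root")
    return dest


def rejection_reason(filename: str, content: bytes, upload_root: str = "uploads"):
    """None when the upload is accepted, otherwise the reason it was refused."""
    try:
        safe_upload_path(filename, content, upload_root)
    except UploadRejected as exc:
        return str(exc)
    return None
```

The destination path is built from the sanitised basename only, so a traversal sequence in the submitted filename cannot select a different directory even before the final root check runs.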

🧯 If You Can't Patch

  • Disable file upload functionality entirely in Vitals ESP configuration.
  • Implement network segmentation to isolate Vitals ESP from critical systems.

🔍 How to Verify

Check if Vulnerable:

Test if authenticated users can upload files with executable extensions (e.g., .php, .asp) to arbitrary directories.

Check Version:

Check Vitals ESP version in admin panel or configuration files.

Verify Fix Applied:

After patching, attempt to upload executable files; uploads should be blocked or properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads, especially with executable extensions
  • Failed upload attempts post-patch

Network Indicators:

  • HTTP POST requests to upload endpoints with suspicious file types

SIEM Query:

source="vitals_esp_logs" AND (event="file_upload" AND file_extension IN ("php", "asp", "jsp"))
