CVE-2023-42495 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2023-42495?

CVE-2023-42495 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary operating system commands on Dasan Networks W-Web devices through improper input sanitization. Attackers can gain complete control of affected devices running versions 1.22 through 1.27. Organizations using these specific Dasan Networks products are at risk.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary operating system commands on Dasan Networks W-Web devices through improper input sanitization. Attackers can gain complete control of affected devices running versions 1.22 through 1.27. Organizations using these specific Dasan Networks products are at risk.

💻 Affected Systems

Products:

Dasan Networks W-Web

Versions: 1.22 through 1.27

Operating Systems: Embedded/Linux-based OS on Dasan devices

Default Config Vulnerable: ⚠️ Yes

Notes: All installations within the affected version range are vulnerable by default. No special configuration required for exploitation.

📦 What is this software?

W Web by Dasannetworks

View all CVEs affecting W Web →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to install persistent backdoors, exfiltrate sensitive data, pivot to internal networks, or render devices inoperable.

🟠

Likely Case

Remote code execution leading to device takeover, credential theft, network reconnaissance, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if devices are behind firewalls with strict inbound filtering and network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - CVSS 9.8 indicates critical severity for internet-facing devices that can be exploited remotely without authentication.

🏢 Internal Only: HIGH - Even internally, this vulnerability allows attackers with network access to compromise devices and potentially pivot to other systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

OS command injection vulnerabilities typically have low exploitation complexity. Given the high CVSS score and public advisory, weaponization is likely even without public PoC.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.28 or later

Vendor Advisory: https://www.gov.il/en/Departments/faq/cve_advisories

Restart Required: Yes

Instructions:

1. Download latest firmware from Dasan Networks support portal. 2. Backup current configuration. 3. Apply firmware update via web interface or CLI. 4. Reboot device. 5. Verify version is 1.28 or higher.

🔧 Temporary Workarounds

Network Access Control

all

Restrict network access to W-Web devices using firewall rules

Input Validation Proxy

all

Deploy WAF or reverse proxy with command injection protection rules

🧯 If You Can't Patch

Isolate affected devices in separate VLAN with strict firewall rules allowing only necessary traffic
Implement network segmentation to prevent lateral movement from compromised devices

🔍 How to Verify

Check if Vulnerable:

Check web interface or CLI for firmware version. If version is between 1.22 and 1.27 inclusive, device is vulnerable.

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is 1.28 or higher via web interface or CLI command 'show version'

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Multiple failed authentication attempts followed by successful access
Suspicious process creation from web service

Network Indicators:

Unusual outbound connections from W-Web devices
Traffic to unexpected ports or IP addresses
Large data exfiltration from device

SIEM Query:

source="dasan-web" AND (event_type="command_execution" OR process_name=*sh* OR cmdline=*bash*)

📊 Metadata

CVE ID: CVE-2023-42495

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: December 13, 2023

Last Updated: November 21, 2024

🔗 References

https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory
https://www.gov.il/en/Departments/faq/cve_advisories Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-42495, you might also want to check these: