CVE-2023-43661

8.8 HIGH

📋 TL;DR

CVE-2023-43661 is a critical remote code execution vulnerability in the Cachet status page system. An authenticated user can execute arbitrary code on the server because template input is not properly filtered and the bundled Twig version is outdated. All Cachet installations prior to version 2.4 are affected.

💻 Affected Systems

Products:
  • Cachet
Versions: All versions prior to 2.4
Operating Systems: All operating systems running Cachet
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit the template functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise allowing an attacker to execute arbitrary commands, access sensitive data, install malware, or pivot to other systems.

🟠 Likely Case: Server takeover leading to data theft, service disruption, or deployment of ransomware/cryptominers.

🟢 If Mitigated: Limited impact if proper network segmentation and least-privilege access controls are implemented.

🌐 Internet-Facing: HIGH - Cachet is typically deployed as an internet-facing status page system, making it directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal deployments are still vulnerable but have reduced attack surface compared to internet-facing instances.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4 and later

Vendor Advisory: https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p

Restart Required: Yes

Instructions:

1. Back up your Cachet installation and database.
2. Update to Cachet version 2.4 or later.
3. Restart the web server/service.
4. Verify the patch is applied by checking the version.

🔧 Temporary Workarounds

Disable template functionality (platform: all)

Temporarily disable the template creation/editing feature until patching can be completed.

# Modify Cachet configuration to disable template features
# Check Cachet documentation for specific configuration options

Restrict user permissions (platform: all)

Limit template creation/editing permissions to only essential administrators.

# Review and modify user roles in the Cachet admin panel
# Remove template permissions from non-essential users

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Cachet instances from critical systems
  • Enable detailed logging and monitoring for template-related activities and unusual server behavior

🔍 How to Verify

Check if Vulnerable:

Check Cachet version via admin panel or by examining the installation files. Versions below 2.4 are vulnerable.

Check Version:

Check the Cachet admin dashboard or examine the composer.json file for version information.

Verify Fix Applied:

Confirm the version is 2.4 or higher and verify that commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 is present in the codebase.
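The version and commit checks above can be scripted so they are repeatable across many installations. The following is an added example, not code from this page or from the Cachet project. It assumes the installation's composer.json carries a top-level "version" field (if yours does not, read the version from the admin dashboard as described above) and that the install was deployed from a git clone, so the fixing commit named above can be looked up with `git merge-base --is-ancestor`.

```python
import json
import re
import subprocess
from pathlib import Path

# Affected range and fixing commit as stated in this advisory.
FIXED_VERSION = (2, 4, 0)
FIX_COMMIT = "6fb043e109d2a262ce3974e863c54e9e5f5e0587"


def parse_version(text):
    """Extract a (major, minor, patch) tuple from strings like '2.3.18' or 'v2.4.0-dev'."""
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))


def is_vulnerable(version_text):
    """True when the reported version is below 2.4, the advisory's affected range."""
    return parse_version(version_text) < FIXED_VERSION


def version_from_composer(install_dir):
    """Return the 'version' key from composer.json, or None when the file has none.

    Assumption: the deployment's composer.json carries a version field.
    """
    data = json.loads((Path(install_dir) / "composer.json").read_text(encoding="utf-8"))
    return data.get("version")


def fix_commit_present(install_dir):
    """True when the fixing commit is an ancestor of the checked-out HEAD.

    Only meaningful for installations deployed from a git clone; returns False
    (with no exception) when git is unavailable or the directory is not a repo.
    """
    try:
        result = subprocess.run(
            ["git", "-C", str(install_dir), "merge-base", "--is-ancestor", FIX_COMMIT, "HEAD"],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        return False
    return result.returncode == 0


def assess(version_text, commit_present):
    """Combine both signals into a verdict; the commit check overrides a stale version string."""
    if commit_present:
        return "patched (fix commit present)"
    if version_text is None:
        return "unknown (no version found; check the admin dashboard)"
    return "vulnerable" if is_vulnerable(version_text) else "patched (version >= 2.4)"


if __name__ == "__main__":
    import sys
    install = sys.argv[1] if len(sys.argv) > 1 else "/var/www/cachet"  # placeholder path
    try:
        version = version_from_composer(install)
    except (OSError, json.JSONDecodeError):
        version = None
    print(f"{install}: version={version!r} -> {assess(version, fix_commit_present(install))}")
```

Run it with the Cachet install directory as the only argument. The commit check is the stronger signal: a backported fix leaves the version string unchanged, so an install whose HEAD contains the fix commit is reported as patched regardless of what composer.json says.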

📡 Detection & Monitoring

Log Indicators:

  • Unusual template creation/modification activities
  • Suspicious PHP/Twig execution patterns
  • Unexpected system command execution

Network Indicators:

  • Unusual outbound connections from Cachet server
  • Suspicious payloads in HTTP requests to template endpoints

SIEM Query:

source="cachet-logs" AND (event="template_creation" OR event="template_modification") AND user!="admin"
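To show what the SIEM query above actually selects, here is the same logic run over a handful of constructed log lines. This is an added example, not code from this page or from Cachet: the JSON event shape (fields `source`, `event`, `user`) is an assumption chosen to match the query's field names, since Cachet does not ship a log schema with those names. It generalizes the query slightly by accepting an allow-list of administrator accounts instead of the single literal `admin`.

```python
import json
from collections import Counter

# Constructed sample events in the assumed JSON shape; not real Cachet output.
SAMPLE_LOGS = [
    '{"ts":"2023-10-02T09:14:01Z","source":"cachet-logs","event":"template_creation","user":"admin","template":"maintenance"}',
    '{"ts":"2023-10-02T09:15:22Z","source":"cachet-logs","event":"template_modification","user":"jsmith","template":"incident-update"}',
    '{"ts":"2023-10-02T09:16:05Z","source":"cachet-logs","event":"login","user":"jsmith"}',
    '{"ts":"2023-10-02T09:20:40Z","source":"nginx","event":"template_creation","user":"jsmith"}',
    'this line is not JSON and must be skipped, not crash the scan',
    '{"ts":"2023-10-02T09:21:13Z","source":"cachet-logs","event":"template_creation","user":"contractor1","template":"outage"}',
]

# The two event names the SIEM query ORs together.
TEMPLATE_EVENTS = frozenset({"template_creation", "template_modification"})
DEFAULT_ADMINS = frozenset({"admin"})


def parse_line(line):
    """Decode one JSON log line; return None for malformed lines so a scan never aborts."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def matches(event, allowed_users=DEFAULT_ADMINS):
    """Mirror the query: cachet-logs source AND a template event AND user not on the allow-list."""
    return (
        event.get("source") == "cachet-logs"
        and event.get("event") in TEMPLATE_EVENTS
        and event.get("user") not in allowed_users
    )


def find_alerts(lines, allowed_users=DEFAULT_ADMINS):
    """Return the decoded events that the query would surface, in log order."""
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is not None and matches(event, allowed_users):
            alerts.append(event)
    return alerts


def alerts_by_user(lines, allowed_users=DEFAULT_ADMINS):
    """Count surfaced template events per user, a quick triage view for the analyst."""
    return dict(Counter(event["user"] for event in find_alerts(lines, allowed_users)))


if __name__ == "__main__":
    for event in find_alerts(SAMPLE_LOGS):
        print(f"{event['ts']} {event['user']:<12} {event['event']:<22} template={event.get('template')}")
    print("per user:", alerts_by_user(SAMPLE_LOGS))
```

On the sample, the login event, the event from the `nginx` source and the admin's own template creation are all ignored, leaving the two template events by non-admin accounts. Extending the allow-list (for example to `{"admin", "jsmith"}`) is how you tune out the administrators who legitimately edit templates without widening the query itself.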
