CVE-2023-43825

7.8 HIGH

📋 TL;DR

A relative path traversal vulnerability in Shihonkanri Plus allows local attackers to execute arbitrary code by tricking legitimate users into importing malicious backup files. This affects version 9.0.3 and earlier. Attackers need local access and must convince users to import crafted files.

💻 Affected Systems

Products:
  • Shihonkanri Plus
Versions: 9.0.3 and earlier
Operating Systems: Windows (assumed based on typical Japanese business software)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local attacker access and a legitimate user to import a malicious backup file.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation or malware execution within the application context, potentially compromising sensitive business data managed by the software.

🟢 If Mitigated

Limited impact if proper user training prevents importing untrusted files and the application runs with minimal privileges.

🌐 Internet-Facing: LOW - Requires local access and user interaction with malicious files.
🏢 Internal Only: MEDIUM - Insider threats or compromised accounts could exploit this, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to get a user to import the malicious file, and local access to place or craft the file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 9.0.4 or later

Vendor Advisory: http://ekakin.la.coocan.jp/index.htm

Restart Required: Yes

Instructions:

1. Download the latest version from the vendor website.
2. Back up current data.
3. Install the update.
4. Restart the system.

🔧 Temporary Workarounds

Restrict backup file imports (all platforms)

Implement a policy to only allow importing backup files from trusted sources, with verification.

Run with limited privileges (Windows)

Configure the application to run with minimal user privileges to limit the impact of code execution.

🧯 If You Can't Patch

  • Implement strict user training about only importing verified backup files from trusted sources.
  • Monitor for suspicious file import activities and restrict application network access.

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Shihonkanri Plus to see if version is 9.0.3 or earlier.

Check Version:

Check application interface or registry: HKEY_LOCAL_MACHINE\SOFTWARE\ShihonkanriPlus\Version

Verify Fix Applied:

Verify version shows 9.0.4 or later after update installation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual backup file import activities
  • Process execution from unexpected locations after file import

Network Indicators:

  • Unexpected outbound connections after backup import

SIEM Query:

EventID=4688 AND ProcessName="shihonkanri.exe" AND CommandLine CONTAINS "import"
