CVE-2023-46047

7.3 HIGH

📋 TL;DR

A local attacker can execute arbitrary code by providing a crafted configuration file to the sanei_configure_attach() function in Sane 1.2.1. This vulnerability requires local access to the system and the ability to control configuration files. The impact is limited to systems running vulnerable versions of Sane with attacker-controlled configuration files.

💻 Affected Systems

Products:
  • Sane (Scanner Access Now Easy)
Versions: 1.2.1
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ✅ No
Notes: Requires attacker-controlled configuration file. The vulnerability is disputed as the product is not expected to start with malicious configuration files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise via arbitrary code execution.

🟠 Likely Case

Local user gains elevated privileges or executes malicious code within the Sane process context.

🟢 If Mitigated

No impact if configuration files are properly secured and not attacker-controlled.

🌐 Internet-Facing: LOW - Requires local access and control of configuration files.
🏢 Internal Only: MEDIUM - Local attackers with configuration file access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details available in public disclosures. Requires local access and ability to provide crafted configuration file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitLab issue for latest patched version

Vendor Advisory: https://gitlab.com/sane-project/backends/-/issues/708

Restart Required: Yes

Instructions:

1. Check GitLab issue #708 for patch details.
2. Update Sane to patched version.
3. Restart Sane services.

🔧 Temporary Workarounds

Secure Configuration Files

linux

Restrict write access to Sane configuration files to prevent attacker control.

chmod 644 /etc/sane.d/*.conf
chown root:root /etc/sane.d/*.conf

Disable Unnecessary Backends

linux

Disable Sane backends that are not required to reduce attack surface.

Comment out unnecessary backends in /etc/sane.d/dll.conf

🧯 If You Can't Patch

  • Implement strict file permissions on Sane configuration directories
  • Monitor for unauthorized changes to Sane configuration files
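
One way to check the file-permission workaround, as an added example (not code from the SANE project or from the original advisory). The function name audit_sane_conf and its optional owner argument are assumptions made for illustration; the default directory and owner follow the chmod/chown commands above.

```shell
#!/bin/sh
# Added example: report entries under a SANE configuration tree that an
# unprivileged user could modify.
#   $1  directory to audit (default: /etc/sane.d)
#   $2  expected owner, name or numeric uid (default: root)
# Returns 0 if nothing is flagged, 1 if findings were printed, 2 on bad input.

audit_sane_conf() {
    dir=${1:-/etc/sane.d}
    owner=${2:-root}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Flag files AND directories that are group- or world-writable, or that
    # are not owned by the expected account. A writable directory matters as
    # much as a writable file: it lets a user replace a .conf wholesale.
    # -L makes find evaluate the target of each symlink, so a link pointing
    # at a writable file is reported too; broken links are skipped.
    findings=$(find -L "$dir" ! -type l \
        \( -perm -020 -o -perm -002 -o ! -user "$owner" \) -print)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Running audit_sane_conf with no arguments checks /etc/sane.d against root ownership; any path it prints should be corrected with the chmod and chown commands from the workaround.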

🔍 How to Verify

Check if Vulnerable:

Check Sane version: scanimage --version. If version is 1.2.1, system may be vulnerable.

Check Version:

scanimage --version

Verify Fix Applied:

Verify Sane version is updated beyond 1.2.1 and check GitLab issue #708 for patch confirmation.

📡 Detection & Monitoring

Log Indicators:

  • Sane process crashes
  • Unusual configuration file modifications

Network Indicators:

  • Local privilege escalation attempts

SIEM Query:

Process:scanimage AND (EventID:1000 OR ConfigurationFileModified)
