CVE-2023-6099

7.3 HIGH

📋 TL;DR

This critical vulnerability in Shenzhen Youkate Industrial Facial Love Cloud Payment System allows remote attackers to bypass privilege management by manipulating the operatorRole parameter. Attackers can potentially gain unauthorized access to system functions. All users of affected versions are at risk.

💻 Affected Systems

Products:
  • Shenzhen Youkate Industrial Facial Love Cloud Payment System
Versions: Up to version 1.0.55.0.0.1
Operating Systems: Unknown - likely Windows-based given .ashx extension
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /SystemMng.ashx endpoint specifically in the Account Handler component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to modify user accounts, access sensitive payment data, or disrupt payment operations.

🟠 Likely Case

Unauthorized privilege escalation allowing attackers to access administrative functions or sensitive user data.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily weaponizable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider alternative payment systems.

🔧 Temporary Workarounds

Block /SystemMng.ashx endpoint

all

Block access to the vulnerable endpoint at network or application firewall level

# Web Application Firewall rule to block /SystemMng.ashx
# Network firewall rule to block traffic to this endpoint

Input validation for operatorRole parameter

all

Implement strict input validation to reject malicious operatorRole values

# Application code modification to validate operatorRole input
# Reject '00' and other unexpected values

🧯 If You Can't Patch

  • Isolate the payment system in a segmented network with strict access controls
  • Implement monitoring and alerting for unauthorized access attempts to /SystemMng.ashx

🔍 How to Verify

Check if Vulnerable:

Check if system version is 1.0.55.0.0.1 or earlier and has /SystemMng.ashx endpoint accessible

Check Version:

Check system documentation or admin interface for version information

Verify Fix Applied:

Test if operatorRole parameter manipulation with value '00' no longer results in privilege escalation

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /SystemMng.ashx with operatorRole=00
  • Unusual privilege escalation events
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • Unusual traffic patterns to /SystemMng.ashx endpoint
  • Requests from unexpected IP addresses to administrative endpoints

SIEM Query:

source="web_logs" AND uri="/SystemMng.ashx" AND (operatorRole="00" OR status=200)
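
The first log indicator above, written as a log filter. This is an added example, not vendor or advisory code. The log line format (client IP, method, URI, status) and the sample lines are constructed, and matching the parameter name case-insensitively is an assumption about how the handler reads it.

```python
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/systemmng.ashx"  # path from the advisory, compared case-insensitively
PARAM = "operatorrole"        # parameter named in the advisory
FLAGGED_VALUE = "00"          # value the advisory lists as a log indicator

# Constructed sample lines in an assumed format: client_ip method uri status
SAMPLE_LOG = """\
192.0.2.10 GET /SystemMng.ashx?operatorRole=00&id=1 200
192.0.2.11 GET /SystemMng.ashx?operatorRole=03 200
192.0.2.12 POST /systemmng.ASHX?OperatorRole=%30%30 200
192.0.2.13 GET /Other.ashx?operatorRole=00 200
192.0.2.14 GET /SystemMng.ashx?operatorRole=03&operatorRole=00 403
malformed line
"""


def find_hits(log_text):
    """Return one record per request to the endpoint carrying operatorRole=00."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip lines that do not match the assumed format
        ip, method, uri, status = parts
        url = urlsplit(uri)
        if url.path.lower() != ENDPOINT:
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so %30%30 and a duplicated operatorRole are both caught.
        params = parse_qs(url.query, keep_blank_values=True)
        values = [v.strip() for name, vals in params.items()
                  if name.lower() == PARAM for v in vals]
        if FLAGGED_VALUE in values:
            hits.append({"ip": ip, "method": method,
                         "status": int(status), "values": values})
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a request that carries operatorRole in a POST body will not appear here unless body logging or a WAF log is available. Non-200 hits are kept because they still show an attempt.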
