CVE-2023-6483
📋 TL;DR
CVE-2023-6483 is an improper authentication vulnerability in the ADiTaaS backend API that allows unauthenticated remote attackers to send specially crafted HTTP requests to gain full access to customer data and completely compromise the platform. This affects organizations using Allied Digital Integrated Tool-as-a-Service version 5.1.
💻 Affected Systems
- Allied Digital Integrated Tool-as-a-Service (ADiTaaS)
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the ADiTaaS platform with full access to all customer data, potential lateral movement to connected systems, and complete loss of confidentiality, integrity, and availability.
Likely Case
Unauthenticated attackers gaining administrative access to the platform, accessing sensitive customer data, and potentially deploying malware or ransomware.
If Mitigated
Limited impact with proper network segmentation, strong authentication controls, and monitoring in place, though the vulnerability still exists.
🎯 Exploit Status
The vulnerability requires sending specially crafted HTTP requests to the backend API, which is described as relatively straightforward to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check with vendor for specific patched version
Vendor Advisory: https://cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0365
Restart Required: Yes
Instructions:
1. Contact Allied Digital for the security patch
2. Apply the patch following vendor instructions
3. Restart the ADiTaaS service
4. Verify the fix is applied
🔧 Temporary Workarounds
Network Access Control
Restrict access to the ADiTaaS backend API to trusted IP addresses only
# Use firewall rules to restrict access (-A appends, so these must come before
# any broader ACCEPT rule already in the chain; use -I to insert at the top instead)
iptables -A INPUT -p tcp --dport [API_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [API_PORT] -j DROP
API Rate Limiting
Implement rate limiting on API endpoints to detect and block brute force attempts
# Configure web server rate limiting
# nginx: define the zone in the http block, apply limit_req in the API location block
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req zone=api burst=20 nodelay;
# Apache: SetEnvIf/LimitRequestBody alone do not rate-limit; with mod_evasive (assumed installed):
DOSWhitelist 192.168.1.*
DOSPageCount 10
DOSBlockingPeriod 60
🧯 If You Can't Patch
- Isolate ADiTaaS systems in a separate network segment with strict access controls
- Implement web application firewall (WAF) rules to block suspicious API requests
🔍 How to Verify
Check if Vulnerable:
Check if ADiTaaS version is 5.1 by reviewing installation documentation or contacting vendor support
Check Version:
Contact vendor for version checking procedure as ADiTaaS is proprietary software
Verify Fix Applied:
Verify patch installation through vendor-provided verification method and test authentication mechanisms
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts to backend API
- Multiple failed authentication requests from single IP
- Successful authentication from unexpected IP addresses
Network Indicators:
- Unusual HTTP traffic patterns to API endpoints
- Requests bypassing normal authentication flows
- Traffic from unexpected geographic locations
SIEM Query:
source="aditaas" AND (event_type="authentication" AND result="failure") | stats count by src_ip | where count > 10
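The SIEM query above counts authentication failures per source IP; the script below is an added example (not from the advisory, CERT-In, or the vendor) that implements the same check over log lines offline, goes slightly further by using a sliding time window instead of a flat count, and also covers the "successful authentication from unexpected IP addresses" indicator. ADiTaaS's real log format is not documented here, so the JSON-per-line format, the field names (taken from the SIEM query), the 5-minute window and the trusted subnet 192.168.1.0/24 are all assumptions; the sample log lines are constructed.

```python
"""Flag authentication anomalies in ADiTaaS backend API logs (added example).

Assumed log format: one JSON object per line with ts, event_type, result,
src_ip and user. The real ADiTaaS format may differ; adapt parse_log().
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

FAILURE_THRESHOLD = 10                 # same threshold as the SIEM query (count > 10)
WINDOW = timedelta(minutes=5)          # assumption: failures counted over a 5-minute window
TRUSTED_NETWORKS = [ip_network("192.168.1.0/24")]  # assumption: admin subnet allowed to log in


def _line(ts, result, ip, user):
    """Build one constructed log line in the assumed format."""
    return json.dumps({"ts": ts, "event_type": "authentication",
                       "result": result, "src_ip": ip, "user": user})


# Constructed sample log: 12 failures from one IP in under a minute, then a success
# from that same untrusted IP, 3 scattered failures from another IP, a success from
# the trusted subnet, and one malformed line the parser must tolerate.
SAMPLE_LOG = "\n".join(
    [_line(f"2023-12-01T10:00:{s:02d}Z", "failure", "203.0.113.7", "admin") for s in range(0, 60, 5)]
    + [_line("2023-12-01T10:01:00Z", "success", "203.0.113.7", "admin")]
    + [_line(f"2023-12-01T10:0{m}:00Z", "failure", "198.51.100.9", "jdoe") for m in (2, 3, 4)]
    + [_line("2023-12-01T10:05:00Z", "success", "192.168.1.20", "jdoe"),
       "this line is not JSON and must be skipped"]
)


def parse_log(text):
    """Parse JSON log lines; skip malformed lines instead of crashing the monitor."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def failure_bursts(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Return {src_ip: peak failures inside any `window`} for IPs exceeding threshold."""
    by_ip = defaultdict(list)
    for e in events:
        if e.get("event_type") == "authentication" and e.get("result") == "failure":
            by_ip[e["src_ip"]].append(e["ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):        # sliding window over sorted timestamps
            while t - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def untrusted_successes(events, trusted=TRUSTED_NETWORKS):
    """List (src_ip, user) for successful logins from outside the trusted networks."""
    hits = []
    for e in events:
        if e.get("event_type") != "authentication" or e.get("result") != "success":
            continue
        ip = ip_address(e["src_ip"])
        if not any(ip in net for net in trusted):
            hits.append((e["src_ip"], e.get("user")))
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("failure bursts:", failure_bursts(evts))
    print("successes from untrusted IPs:", untrusted_successes(evts))
```

A burst followed by a success from the same untrusted address, as in the constructed sample, is the pattern worth alerting on first: it matches both the failed-attempt indicator and the unexpected-source indicator from the list above, whereas a handful of failures from an internal address is usually a mistyped password.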