CVE-2023-40582 — CRITICAL (9.8)

Q: How severe is CVE-2023-40582?

CVE-2023-40582 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-40582?

Check the references section above for vendor advisories and patch information. Affected products include: Find-Exec Project Find-Exec.

Vulnerability Description

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Find-Exec Project	Find-Exec	< 1.0.3

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2023-40582?

CVE-2023-40582 is a vulnerability with a CVSS score of 9.8 (CRITICAL). find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As...

How severe is CVE-2023-40582?

CVE-2023-40582 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-40582?

Check the references section above for vendor advisories and patch information. Affected products include: Find-Exec Project Find-Exec.