CVE-2023-1714 - OpenCVE

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bitrix24	Bitrix24

Configuration 1 [-]

cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://starlabs.sg/advisories/23/23-1714/

History

No history.

MITRE

Status: PUBLISHED

Assigner: STAR_Labs

Published: 2023-11-01T09:02:47.607Z

Updated: 2024-09-05T19:54:40.749Z

Reserved: 2023-03-30T09:15:34.398Z

Link: CVE-2023-1714

Vulnrichment

Updated: 2024-08-02T05:57:24.932Z

NVD

Status : Analyzed

Published: 2023-11-01T10:15:09.050

Modified: 2023-11-09T20:38:00.327

Link: CVE-2023-1714

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1714", "assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "state": "PUBLISHED", "assignerShortName": "STAR_Labs", "dateReserved": "2023-03-30T09:15:34.398Z", "datePublished": "2023-11-01T09:02:47.607Z", "dateUpdated": "2024-09-05T19:54:40.749Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Bitrix24", "programFiles": ["file:bitrix/modules/main/classes/general/user_options.php"], "vendor": "Bitrix24", "versions": [{"lessThanOrEqual": "22.0.300", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lam Jun Rong & Li Jiantao of STAR Labs SG Pte. Ltd. (@starlabs_sg)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization."}], "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization."}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "shortName": "STAR_Labs", "dateUpdated": "2023-11-01T09:02:47.607Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://starlabs.sg/advisories/23/23-1714/"}], "source": {"discovery": "UNKNOWN"}, "title": "Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:24.932Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://starlabs.sg/advisories/23/23-1714/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T19:54:25.866905Z", "id": "CVE-2023-1714", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T19:54:40.749Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://starlabs.sg/advisories/23/23-1714/", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:24.932Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1714", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-05T19:54:25.866905Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T19:54:32.230Z"}}], "cna": {"title": "Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lam Jun Rong & Li Jiantao of STAR Labs SG Pte. Ltd. (@starlabs_sg)"}], "impacts": [{"capecId": "CAPEC-549", "descriptions": [{"lang": "en", "value": "CAPEC-549 Local Execution of Code"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Bitrix24", "product": "Bitrix24", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.0.300"}], "programFiles": ["file:bitrix/modules/main/classes/general/user_options.php"], "defaultStatus": "unaffected"}], "references": [{"url": "https://starlabs.sg/advisories/23/23-1714/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.", "supportingMedia": [{"type": "text/html", "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "shortName": "STAR_Labs", "dateUpdated": "2023-11-01T09:02:47.607Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1714", "state": "PUBLISHED", "dateUpdated": "2024-09-05T19:54:40.749Z", "dateReserved": "2023-03-30T09:15:34.398Z", "assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69", "datePublished": "2023-11-01T09:02:47.607Z", "assignerShortName": "STAR_Labs"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*", "matchCriteriaId": "D47D6185-F86F-4402-85C1-C0A0EAE09B0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization."}, {"lang": "es", "value": "La extracci\u00f3n de variables inseguras en bitrix/modules/main/classes/general/user_options.php en Bitrix24 22.0.300 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario mediante (1) a\u00f1adiendo contenido arbitrario a archivos PHP existentes o (2) deserializaci\u00f3n PHAR."}], "id": "CVE-2023-1714", "lastModified": "2023-11-09T20:38:00.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@starlabs.sg", "type": "Secondary"}]}, "published": "2023-11-01T10:15:09.050", "references": [{"source": "info@starlabs.sg", "tags": ["Exploit", "Third Party Advisory"], "url": "https://starlabs.sg/advisories/23/23-1714/"}], "sourceIdentifier": "info@starlabs.sg", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "info@starlabs.sg", "type": "Secondary"}]}