CVE-2023-39416 - OpenCVE

Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
North Grid Corporation	Proself Enterprise Standard Edition Proself Gateway Edition Proself Mail Sanitize Edition
Northgrid	Proself

Configuration 1 [-]

OR	cpe:2.3:a:northgrid:proself:::::mail_sanitize:::*
	cpe:2.3:a:northgrid:proself:::::gateway:::*
	cpe:2.3:a:northgrid:proself:::::enterprise:::*
	cpe:2.3:a:northgrid:proself:::::standard:::*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN19661362/
https://www.proself.jp/information/149/
https://www.proself.jp/information/150/

History

Wed, 09 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		North Grid Corporation North Grid Corporation proself Enterprise Standard Edition North Grid Corporation proself Gateway Edition North Grid Corporation proself Mail Sanitize Edition
CPEs		cpe:2.3:a:north_grid_corporation:proself_enterprise_standard_edition:::::::: cpe:2.3:a:north_grid_corporation:proself_gateway_edition:::::::: cpe:2.3:a:north_grid_corporation:proself_mail_sanitize_edition::::::::
Vendors & Products		North Grid Corporation North Grid Corporation proself Enterprise Standard Edition North Grid Corporation proself Gateway Edition North Grid Corporation proself Mail Sanitize Edition
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-08-18T09:26:31.152Z

Updated: 2024-10-09T14:10:56.901Z

Reserved: 2023-08-01T01:06:32.263Z

Link: CVE-2023-39416

Vulnrichment

Updated: 2024-08-02T18:10:20.822Z

NVD

Status : Analyzed

Published: 2023-08-18T10:15:11.887

Modified: 2023-08-23T16:48:22.340

Link: CVE-2023-39416

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39416", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-08-01T01:06:32.263Z", "datePublished": "2023-08-18T09:26:31.152Z", "dateUpdated": "2024-10-09T14:10:56.901Z"}, "containers": {"cna": {"affected": [{"vendor": "North Grid Corporation", "product": "Proself Enterprise/Standard Edition", "versions": [{"version": "Ver5.61 and earlier", "status": "affected"}]}, {"vendor": "North Grid Corporation", "product": "Proself Gateway Edition", "versions": [{"version": "Ver1.62 and earlier", "status": "affected"}]}, {"vendor": "North Grid Corporation", "product": "Proself Mail Sanitize Edition", "versions": [{"version": "Ver1.07 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands."}], "problemTypes": [{"descriptions": [{"description": "OS command injection", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.proself.jp/information/149/"}, {"url": "https://www.proself.jp/information/150/"}, {"url": "https://jvn.jp/en/jp/JVN19661362/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-18T09:26:31.152Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.822Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.proself.jp/information/149/", "tags": ["x_transferred"]}, {"url": "https://www.proself.jp/information/150/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN19661362/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "north_grid_corporation", "product": "proself_enterprise_standard_edition", "cpes": ["cpe:2.3:a:north_grid_corporation:proself_enterprise_standard_edition:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.61", "versionType": "custom"}]}, {"vendor": "north_grid_corporation", "product": "proself_gateway_edition", "cpes": ["cpe:2.3:a:north_grid_corporation:proself_gateway_edition:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.62", "versionType": "custom"}]}, {"vendor": "north_grid_corporation", "product": "proself_mail_sanitize_edition", "cpes": ["cpe:2.3:a:north_grid_corporation:proself_mail_sanitize_edition:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.07", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-09T14:06:47.746548Z", "id": "CVE-2023-39416", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T14:10:56.901Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.proself.jp/information/149/", "tags": ["x_transferred"]}, {"url": "https://www.proself.jp/information/150/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN19661362/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.822Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39416", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-09T14:06:47.746548Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:north_grid_corporation:proself_enterprise_standard_edition:*:*:*:*:*:*:*:*"], "vendor": "north_grid_corporation", "product": "proself_enterprise_standard_edition", "versions": [{"status": "affected", "version": "0", "lessThan": "5.61", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:north_grid_corporation:proself_gateway_edition:*:*:*:*:*:*:*:*"], "vendor": "north_grid_corporation", "product": "proself_gateway_edition", "versions": [{"status": "affected", "version": "0", "lessThan": "1.62", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:north_grid_corporation:proself_mail_sanitize_edition:*:*:*:*:*:*:*:*"], "vendor": "north_grid_corporation", "product": "proself_mail_sanitize_edition", "versions": [{"status": "affected", "version": "0", "lessThan": "1.07", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-09T14:10:48.939Z"}}], "cna": {"affected": [{"vendor": "North Grid Corporation", "product": "Proself Enterprise/Standard Edition", "versions": [{"status": "affected", "version": "Ver5.61 and earlier"}]}, {"vendor": "North Grid Corporation", "product": "Proself Gateway Edition", "versions": [{"status": "affected", "version": "Ver1.62 and earlier"}]}, {"vendor": "North Grid Corporation", "product": "Proself Mail Sanitize Edition", "versions": [{"status": "affected", "version": "Ver1.07 and earlier"}]}], "references": [{"url": "https://www.proself.jp/information/149/"}, {"url": "https://www.proself.jp/information/150/"}, {"url": "https://jvn.jp/en/jp/JVN19661362/"}], "descriptions": [{"lang": "en", "value": "Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "OS command injection"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-18T09:26:31.152Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39416", "state": "PUBLISHED", "dateUpdated": "2024-10-09T14:10:56.901Z", "dateReserved": "2023-08-01T01:06:32.263Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-08-18T09:26:31.152Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:mail_sanitize:*:*:*", "matchCriteriaId": "08080859-2BE8-4E98-A71F-55B05FFF34CD", "versionEndIncluding": "1.07", "vulnerable": true}, {"criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:gateway:*:*:*", "matchCriteriaId": "62F99405-78A1-4911-8731-AF45ACCEC028", "versionEndIncluding": "1.62", "vulnerable": true}, {"criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FFCCF32A-D960-4A11-BAE5-253BDED708E6", "versionEndIncluding": "5.61", "vulnerable": true}, {"criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:standard:*:*:*", "matchCriteriaId": "EDA2D322-61CB-4252-912E-2DAA674DF9B6", "versionEndIncluding": "5.61", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands."}, {"lang": "es", "value": "Proself Enterprise/Standard Edition Ver5.61 y anteriores, Proself Gateway Edition Ver1.62 y anteriores, y Proself Mail Sanitize Edition Ver1.07 y anteriores permiten a un atacante remoto autenticado con privilegios administrativos ejecutar comandos arbitrarios del sistema operativo.\n"}], "id": "CVE-2023-39416", "lastModified": "2023-08-23T16:48:22.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-18T10:15:11.887", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN19661362/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.proself.jp/information/149/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.proself.jp/information/150/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}