CVE-2023-43783 - Vulnerability Details - OpenCVE

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0005.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Falktx	Cadence

Configuration 1 [-]

cpe:2.3:a:falktx:cadence:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-48160	Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/10/05/4
https://bugzilla.suse.com/show_bug.cgi?id=1213985
https://github.com/falkTX/Cadence

History

Tue, 24 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-22T00:00:00

Updated: 2024-09-24T18:18:51.396Z

Reserved: 2023-09-22T00:00:00

Link: CVE-2023-43783

Vulnrichment

Updated: 2024-08-02T19:52:11.025Z

NVD

Status : Modified

Published: 2023-09-22T06:15:10.697

Modified: 2024-11-21T08:24:46.290

Link: CVE-2023-43783

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-43783", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-24T18:18:51.396Z", "dateReserved": "2023-09-22T00:00:00", "datePublished": "2023-09-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-05T11:06:10.289066"}, "descriptions": [{"lang": "en", "value": "Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/falkTX/Cadence"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1213985"}, {"name": "[oss-security] 20231005 Cadence: Fixed /tmp path issues; no longer maintained by upstream (CVE-2023-43782, CVE-2023-43783)", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/10/05/4"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.025Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/falkTX/Cadence", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1213985", "tags": ["x_transferred"]}, {"name": "[oss-security] 20231005 Cadence: Fixed /tmp path issues; no longer maintained by upstream (CVE-2023-43782, CVE-2023-43783)", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/10/05/4"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T18:18:32.191470Z", "id": "CVE-2023-43783", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:18:51.396Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/falkTX/Cadence", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1213985", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/05/4", "name": "[oss-security] 20231005 Cadence: Fixed /tmp path issues; no longer maintained by upstream (CVE-2023-43782, CVE-2023-43783)", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.025Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43783", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T18:18:32.191470Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:18:43.112Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/falkTX/Cadence"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1213985"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/05/4", "name": "[oss-security] 20231005 Cadence: Fixed /tmp path issues; no longer maintained by upstream (CVE-2023-43782, CVE-2023-43783)", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-05T11:06:10.289066"}}}, "cveMetadata": {"cveId": "CVE-2023-43783", "state": "PUBLISHED", "dateUpdated": "2024-09-24T18:18:51.396Z", "dateReserved": "2023-09-22T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:falktx:cadence:*:*:*:*:*:*:*:*", "matchCriteriaId": "C304F6DA-EAA6-4B9A-BD5A-1BD3CEB51D28", "versionEndIncluding": "0.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible."}, {"lang": "es", "value": "Cadence hasta 0.9.2 2023-08-21 utiliza un Archivo Temporal /tmp/cadence-wineasio.reg inseguro. El nombre del archivo se utiliza incluso si ha sido creado por un adversario local antes de que comenzara Cadence. El adversario puede aprovechar esto para crear o sobrescribir archivos mediante un ataque de enlace simb\u00f3lico. En algunas configuraciones del kernel, es posible la inyecci\u00f3n de c\u00f3digo en el registro de Wine."}], "id": "CVE-2023-43783", "lastModified": "2024-11-21T08:24:46.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-22T06:15:10.697", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/10/05/4"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1213985"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/falkTX/Cadence"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2023/10/05/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1213985"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/falkTX/Cadence"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}