Vulnerabilities > CVE-2023-43176 - Deserialization of Untrusted Data vulnerability in Afterlogic Aurora Files 9.7.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://afterlogic.com
- http://afterlogic.com
- http://aurora.com
- http://aurora.com
- https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H&version=3.1
- https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H&version=3.1
- https://sec.leonardini.dev/blog/cve-2023-43176-rce_aurora_files/
- https://sec.leonardini.dev/blog/cve-2023-43176-rce_aurora_files/