Vulnerabilities > CVE-2023-5183 - Deserialization of Untrusted Data vulnerability in Illumio Core Policy Compute Engine

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

illumio

CWE-502

NVD

Published: 2023-09-27

Updated: 2023-10-02

Summary

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.

Vulnerable Configurations

Part	Description	Count
Application	Illumio Illumio Core Policy Compute Engine - Illumio Core Policy Compute Engine 21.2.0 Illumio Core Policy Compute Engine 21.5.0 Illumio Core Policy Compute Engine 22.2.0 Illumio Core Policy Compute Engine 22.5.0 Illumio Core Policy Compute Engine 23.2.0	6

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm