ID:9429 - Exploit for Code injection in vm2 - CVE-2023-30547

 

Published: December 18, 2023


Vulnerability identifier: #VU75367
Vulnerability risk: Medium
CVE-ID: CVE-2023-30547
CWE-ID: CWE-74
Exploitation vector: Remote access
Vulnerable software: vm2

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an error in exception sanitization. A remote user can raise an unsanitized host exception inside "handleException()" and use it to escape the sandbox and run arbitrary code in the host context.


Remediation

Install updates from the vendor's website.