#VU92122 Business Logic Errors in Froxlor - CVE-2023-4304


Vulnerability identifier: #VU92122

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4304

CWE-ID: CWE-840

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Froxlor
Client/Desktop applications / Software for system administration

Vendor: froxlor

Description

The vulnerability allows a remote privileged user to modify data on the system.

The vulnerability exists due to business logic errors. A remote privileged user can trigger the vulnerability to modify data on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Froxlor: before 2.0.22

External links
https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9
https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Secured Component Verification (SCV)