Multiple vulnerabilities in EspoCRM

Posted date 10/11/2023
Importance
5 - Critical
Affected Resources

EspoCRM, versions 7.5.2 and earlier.

Description

INCIBE has coordinated the publication of two vulnerabilities affecting EspoCRM, discovered by Pedro José Navas Pérez from Hispasec.

These vulnerabilities have been assigned the following CVE identifiers, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-5965 and CVE-2023-5966: CVSS v3.1: 9.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CWE-434.
Solution

Administrator users can upload extensions and updates by design, since this is functionality that most deployments use and request. Exploitation can be restricted by enabling the "restrictedMode" option in the configuration, which disables these upload functions for administrator accounts.
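As an added example (not part of the INCIBE advisory or of the EspoCRM project's own code), the following script checks whether the mitigation above is actually in place on a given installation. It assumes that EspoCRM stores its settings as a PHP array returned by data/config.php (the usual location, assumed here) and that the relevant key is 'restrictedMode', as named in the advisory; the script path and its exit codes are the example's own conventions.

```php
<?php
// check_restricted_mode.php
// Added example, not from the advisory or the EspoCRM project.
// Verifies that 'restrictedMode' => true is set in the EspoCRM config,
// which disables the admin-side extension and upgrade upload forms that
// CVE-2023-5965 / CVE-2023-5966 abuse.
//
// Usage: php check_restricted_mode.php /var/www/espocrm/data/config.php
// Exit codes (this example's convention): 0 = hardened, 1 = weak, 2 = error

$path = $argv[1] ?? __DIR__ . '/data/config.php'; // assumed default location

if (!is_file($path)) {
    fwrite(STDERR, "config file not found: {$path}\n");
    exit(2);
}

// data/config.php is assumed to be a PHP file that returns the settings array.
$config = include $path;

if (!is_array($config)) {
    fwrite(STDERR, "unexpected config format in {$path}: expected a returned array\n");
    exit(2);
}

// Weak state: key absent, or present but false.
// Hardened state: 'restrictedMode' => true
$restricted = (bool) ($config['restrictedMode'] ?? false);

if ($restricted) {
    echo "OK: restrictedMode is enabled; extension/upgrade upload is disabled for administrators.\n";
    exit(0);
}

echo "WEAK: restrictedMode is not enabled.\n";
echo "Add the following entry to {$path} and rebuild the EspoCRM cache:\n";
echo "    'restrictedMode' => true,\n";
exit(1);
```

Run it read-only against the production config; it does not modify anything. After adding the key, the EspoCRM cache must be rebuilt for the change to take effect, and the check should then report OK.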

Detail
  • CVE-2023-5965 and CVE-2023-5966: an authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form (CVE-2023-5965) and the extension deployment form (CVE-2023-5966) respectively, which could lead to arbitrary PHP code execution (CWE-434, unrestricted upload of a file with a dangerous type).
References list