The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.
References
Link | Resource |
---|---|
https://blog.ironmansoftware.com/powershell-universal-apis-cve/ | Exploit Mitigation Vendor Advisory |
https://docs.powershelluniversal.com/changelogs/changelog | Release Notes |
https://blog.ironmansoftware.com/powershell-universal-apis-cve/ | Exploit Mitigation Vendor Advisory |
https://docs.powershelluniversal.com/changelogs/changelog | Release Notes |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.ironmansoftware.com/powershell-universal-apis-cve/ - Exploit, Mitigation, Vendor Advisory | |
References | () https://docs.powershelluniversal.com/changelogs/changelog - Release Notes |
30 Nov 2023, 05:38
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
References | () https://docs.powershelluniversal.com/changelogs/changelog - Release Notes | |
References | () https://blog.ironmansoftware.com/powershell-universal-apis-cve/ - Exploit, Mitigation, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:ironmansoftware:powershell_universal:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:ironmansoftware:powershell_universal:*:*:*:*:*:*:*:* |
24 Nov 2023, 15:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-23 22:15
Updated : 2024-11-21 08:33
NVD link : CVE-2023-49213
Mitre link : CVE-2023-49213
CVE.ORG link : CVE-2023-49213
JSON object : View
Products Affected
ironmansoftware
- powershell_universal
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')