CVE-2023-35853
 
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
En Suricata antes de la versión 6.0.13, un adversario que controle una fuente externa de reglas Lua puede ser capaz de ejecutar código Lua. Esto se soluciona en la versión 6.0.13 deshabilitando Lua a menos que "allow-rules" sea verdadero en la sección de configuración de seguridad de Lua.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-19 CVE Reserved
- 2023-06-19 CVE Published
- 2024-07-21 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://www.stamus-networks.com/stamus-labs | Not Applicable |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da | 2023-06-28 |
URL | Date | SRC |
---|---|---|
https://github.com/OISF/suricata/compare/suricata-6.0.12...suricata-6.0.13 | 2023-06-28 |