CVE-2023-1246:
Saysis Starcities through version 1.3 contains a vulnerability where files or directories are accessible to external parties, allowing unauthorized data collection from common resource locations.
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.5 High
- Published Date: Mar 10, 2023
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.4
- EPSS Percentile: 59%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 3.6
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
Overview
This vulnerability (CVE-2023-1246) in Saysis Starcities through version 1.3 is related to improper access controls on files and directories. The CWE-552 classification indicates that files or directories that should be private are accessible to unauthorized external parties. This exposure allows attackers to access and collect data from common resource locations that should otherwise be protected. The vulnerability potentially exposes sensitive information to unauthorized users, which could lead to information disclosure, data breaches, or serve as a stepping stone for further attacks.
Remediation
To address this vulnerability, organizations using Saysis Starcities should:
1. Update to a version newer than 1.3 if available
2. Implement proper file and directory permissions to restrict access to authorized users only
3. Configure web server security settings to prevent directory listing and unauthorized file access
4. Use access control mechanisms such as authentication and authorization for sensitive resources
5. Regularly audit file system permissions and access controls
6. Consider implementing network segmentation to limit access to sensitive resources
7. Monitor for unauthorized access attempts to detect potential exploitation
References
1. Turkish National Computer Emergency Response Team (USOM) Advisory: https://www.usom.gov.tr/bildirim/tr-23-0140
2. Common Weakness Enumeration (CWE-552): Files or Directories Accessible to External Parties