Sitecore XP TemplateParser RCE (CVE-2023-35813) - Vulnerability Database

Sitecore XP TemplateParser RCE (CVE-2023-35813)

Description

Sitecore Experience Platform (XP) contains a critical remote code execution vulnerability in its TemplateParser component. When the TemplateParser is exposed and accessible, attackers can exploit ASP.NET template parsing functionality by sending specially crafted HTTP requests that inject malicious code, allowing arbitrary command execution on the server without authentication.

Remediation

Apply the security patches provided by Sitecore immediately. Review Sitecore Security Bulletin SC2023-002-576660 for the specific patch versions applicable to your Sitecore XP installation. If immediate patching is not possible, implement the following temporary mitigations:

(1) Restrict network access to the Sitecore instance using firewall rules or web application firewall (WAF) policies to block unauthorized requests to TemplateParser endpoints.
(2) Review and disable any unnecessary exposed endpoints.
(3) Monitor web server logs for suspicious HTTP requests targeting template parsing functionality.

After patching, verify the fix by confirming that TemplateParser endpoints are no longer publicly accessible, and conduct a security assessment to ensure no compromise occurred prior to remediation.
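The log-monitoring mitigation above is easier to act on with a concrete check. The following script is an added example written for this entry; it is not Invicti's or Sitecore's code. It assumes Sitecore XP is hosted on IIS with the default W3C extended log format, and it uses a hypothetical path fragment ("TemplateParser", with a placeholder route in the constructed sample) as the match pattern: the real endpoint route must be taken from the Sitecore bulletin and substituted into SUSPICIOUS_PATTERNS before use. The sample log lines are constructed for illustration.

```python
"""
Scan IIS W3C-format access logs for requests aimed at template parsing
functionality, as suggested by mitigation (3) above.

Assumptions (not from the advisory): Sitecore XP runs on IIS with the
default W3C log format, and the request path exposing the parser contains
the substring "TemplateParser". Replace SUSPICIOUS_PATTERNS with the route
named in Sitecore Security Bulletin SC2023-002-576660 for your version.
"""
import re
from collections import Counter
from typing import Dict, List

# Hypothetical path fragment; substitute the real route for your instance.
SUSPICIOUS_PATTERNS = [re.compile(r"templateparser", re.IGNORECASE)]

# Requests that carry a body can deliver an injected template, so a write
# method against a matching path is rated higher than a bare GET probe.
WRITE_METHODS = {"POST", "PUT"}

# Constructed sample excerpt in IIS W3C extended format (placeholder route).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2023-07-01 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs-Referer sc-status sc-substatus sc-win32-status time-taken
2023-07-01 10:00:01 10.0.0.5 GET /sitecore/content/home - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 120
2023-07-01 10:00:02 10.0.0.5 POST /placeholder-route/TemplateParser - 443 - 203.0.113.9 python-requests/2.31 - 200 0 0 340
2023-07-01 10:00:03 10.0.0.5 POST /placeholder-route/TemplateParser - 443 - 203.0.113.9 python-requests/2.31 - 500 0 0 35
2023-07-01 10:00:04 10.0.0.5 GET /placeholder-route/templateparser id=1 443 - 203.0.113.9 curl/8.1 - 404 0 0 10
2023-07-01 10:00:05 10.0.0.5 GET /api/products - 443 - 198.51.100.8 Mozilla/5.0 - 200 0 0 80
"""


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Parse W3C extended log text into dicts keyed by the #Fields names.

    IIS writes one space-separated record per line and encodes literal
    spaces inside a field as '+', so a plain split is safe here.
    """
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # new field layout applies from here on
            continue
        if not line or line.startswith("#"):
            continue  # other directives or blank lines
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed record; skip rather than misalign columns
        rows.append(dict(zip(fields, values)))
    return rows


def find_template_parser_requests(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return records whose path or query matches a suspicious pattern."""
    hits: List[Dict[str, str]] = []
    for row in rows:
        target = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")
        if any(p.search(target) for p in SUSPICIOUS_PATTERNS):
            hits.append({
                "time": f"{row['date']} {row['time']}",
                "client": row["c-ip"],
                "method": row["cs-method"],
                "path": row["cs-uri-stem"],
                "status": row["sc-status"],
                "severity": "high" if row["cs-method"] in WRITE_METHODS else "medium",
            })
    return hits


def summarize_by_client(hits: List[Dict[str, str]]) -> Counter:
    """Count matching requests per source IP so repeated probing stands out."""
    return Counter(h["client"] for h in hits)


if __name__ == "__main__":
    found = find_template_parser_requests(parse_w3c(SAMPLE_LOG))
    for h in found:
        print(f"{h['time']} {h['severity']:6} {h['client']} {h['method']} {h['path']} -> {h['status']}")
    for client, n in summarize_by_client(found).most_common():
        print(f"{client}: {n} matching request(s)")
```

Point the script at the real log files (for example by reading each file under the IIS log directory and concatenating the text) and treat any write-method hit from an address outside the network range your WAF rule permits as a lead for the post-patch compromise assessment the remediation section calls for.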
