SysAid On-Premise RCE (CVE-2023-47246) - Vulnerability Database

Description

SysAid On-Premise software contains a path traversal vulnerability (CVE-2023-47246) that allows attackers to write arbitrary files to the server filesystem. By exploiting this flaw, an unauthenticated remote attacker can upload malicious files to executable directories, leading to remote code execution with the privileges of the SysAid application.

Remediation

Immediately upgrade SysAid On-Premise to version 23.3.36 or later, which addresses this vulnerability. If immediate patching is not possible, implement the following temporary mitigations: (1) Restrict network access to the SysAid server to trusted IP addresses only using firewall rules, (2) Monitor system logs for suspicious file upload activity or unexpected process execution, (3) Conduct a thorough security audit of the system to identify any signs of compromise. After upgrading, review system integrity and verify no unauthorized modifications were made during the vulnerable period.
