CVE-2023-47246

Vulnerability updated 23 days ago (2024-11-29T14:13:08.482Z)
Download STIX
Preview STIX
CVE-2023-47246 is a critical zero-day vulnerability discovered in the SysAid IT support and management software solution. The flaw, identified as a path traversal vulnerability, has been exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. This vulnerability allows threat actors to gain unauthorized access to affected systems and execute arbitrary code, thereby posing a significant risk to system security. The exploitation of CVE-2023-47246 by Lace Tempest was aimed at achieving code execution within on-premises versions of SysAid. Microsoft was the first to identify this issue and promptly notified SysAid about the potential risk. Upon receiving this information, SysAid immediately took action to rectify the problem, demonstrating their commitment to maintaining the integrity of their software solutions. SysAid has released a patch to address CVE-2023-47246, and organizations using their software are strongly advised to apply it without delay. In addition to patching, companies should proactively search for signs of exploitation prior to the patch application, as Lace Tempest is likely to use their access to exfiltrate data and deploy Clop ransomware. By taking these preventive measures, organizations can significantly reduce the risk of falling victim to this exploit.
Description last updated: 2024-05-04T22:01:07.801Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Sysaid
Vulnerability
Ransomware
Microsoft
Exploit
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Clop Malware is associated with CVE-2023-47246. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinhas used
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lace Tempest Threat Actor is associated with CVE-2023-47246. Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thihas used
2
Source Document References
Information about the CVE-2023-47246 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
DARKReading
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
Malwarebytes
a year ago