CVE-2023-47246

Vulnerability updated 7 months ago (2024-05-04T22:18:00.237Z)
CVE-2023-47246 is a critical zero-day vulnerability discovered in the SysAid IT support and management software solution. The flaw, identified as a path traversal vulnerability, has been exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. This vulnerability allows threat actors to gain unauthorized access to affected systems and execute arbitrary code, thereby posing a significant risk to system security. The exploitation of CVE-2023-47246 by Lace Tempest was aimed at achieving code execution within on-premises versions of SysAid.

Microsoft was the first to identify this issue and promptly notified SysAid about the potential risk. Upon receiving this information, SysAid immediately took action to rectify the problem, demonstrating their commitment to maintaining the integrity of their software solutions.

SysAid has released a patch to address CVE-2023-47246, and organizations using their software are strongly advised to apply it without delay. In addition to patching, companies should proactively search for signs of exploitation prior to the patch application, as Lace Tempest is likely to use their access to exfiltrate data and deploy Clop ransomware. By taking these preventive measures, organizations can significantly reduce the risk of falling victim to this exploit.
Description last updated: 2024-05-04T22:01:07.801Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Sysaid
Vulnerability
Ransomware
Microsoft
Exploit
Associated Malware
Description: The Clop Malware is associated with CVE-2023-47246. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin…
Association Type: has used
Votes: 2
Associated Threat Actors
Description: The Lace Tempest Threat Actor is associated with CVE-2023-47246. Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi…
Association Type: has used
Votes: 2
Source Document References
Information about the CVE-2023-47246 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created
CERT-EU | 10 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
InfoSecurity-magazine | a year ago
DARKReading | a year ago
BankInfoSecurity | a year ago
CERT-EU | a year ago
Malwarebytes | a year ago