{"vulnerability": "cve-2023-2356", "sightings": [{"uuid": "20579f65-340d-4809-a59f-a38929801059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23566", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10733", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23566\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.\n\ud83d\udccf Published: 2023-01-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-07T15:33:54.064Z\n\ud83d\udd17 References:\n1. https://github.com/umz-cert/vulnerabilities/issues/1\n2. https://github.com/umz-cert/vulnerabilitys/blob/patch-1/Axigen%20Mail%20Server%2010.3.3.52%202-Step%20verification\n3. https://www.axigen.com/mail-server/download/\n4. https://www.axigen.com/documentation/2-step-verification-two-factor-authentication-for-webmail-p69140479", "creation_timestamp": "2025-04-07T15:45:37.000000Z"}, {"uuid": "fe20df12-644d-4162-9cc2-c604bf3f74c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23561", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1537", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23561\n\ud83d\udd39 Description: Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.\n\ud83d\udccf Published: 2023-05-30T00:00:00\n\ud83d\udccf Modified: 2025-01-14T16:49:59.727Z\n\ud83d\udd17 References:\n1. 
https://advisories.stormshield.eu\n2. https://advisories.stormshield.eu/2023-001/", "creation_timestamp": "2025-01-14T17:21:28.000000Z"}, {"uuid": "5e046ea4-1823-4526-8d89-be883c9b2a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23562", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1187", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-23562\n\ud83d\udd39 Description: Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters.\n\ud83d\udccf Published: 2023-05-31T00:00:00\n\ud83d\udccf Modified: 2025-01-10T16:28:06.397Z\n\ud83d\udd17 References:\n1. https://advisories.stormshield.eu\n2. https://advisories.stormshield.eu/2023-002/", "creation_timestamp": "2025-01-10T17:05:53.000000Z"}, {"uuid": "e85c3afc-6dad-4d5d-8562-dfe9d4bfe4d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23560", "type": "seen", "source": "https://t.me/ctinow/89659", "content": "CVE-2023-23560 flaw exposes 100 Lexmark printer models to hack\n\nhttps://ift.tt/ec4yj9T", "creation_timestamp": "2023-01-27T09:37:57.000000Z"}, {"uuid": "f04d76c0-e3b9-40b0-8f7c-b4224167cbba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23560", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3994", "content": "Lexmark has released an update to fix an RCE bug affecting 100 printer models, for which a PoC is available.\n\n
The issue, a server-side request forgery (SSRF) in the web services feature of Lexmark devices, is tracked as CVE-2023-23560 and has a severity rating of 9.0.\n\nThe vendor's bulletin states that the bug can be used for RCE on the device, which may have a wider impact on the organization.\n\n
In the context of a print service, an SSRF vulnerability can give attackers access to credentials for the network the printer is connected to and let them move to other devices in the segment, with all that entails.\n\nDespite the publication of a PoC exploit, the vulnerability is not currently being exploited in the wild.\n\n
The full list of potentially vulnerable devices, the vulnerable firmware releases and the updated version that fixes the issue are available in the Lexmark security bulletin.\n\nCVE-2023-23560 affects a wide range of printers, so owners of Lexmark devices should review the recommendations and make sure they are running a safe firmware version released on January 18, 2022 or later.\n\n
For those who cannot install the update, Lexmark offers a workaround of disabling the web services feature on TCP port 65002, which blocks attackers from exploiting CVE-2023-23560.", "creation_timestamp": "2023-01-27T10:09:59.000000Z"}, {"uuid": "c241e9b1-a9b8-4bab-b208-88e3f3fce0bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23560", "type": "published-proof-of-concept", "source": "Telegram/cnIbD3FY3ws4mJAKhjxxyv_cASc50RCA-ouVNAfeecvvSIU", "content": "", "creation_timestamp": "2023-11-16T09:43:18.000000Z"}, {"uuid": "2ab4bd72-ef26-46f5-a105-46b1df59f1f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23560", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2481", "content": "\u200aCVE-2023-23560 flaw exposes 100 Lexmark printer models to hack\n\nhttps://securityaffairs.com/141428/hacking/lexmark-cve-2023-23560-rce.html", "creation_timestamp": "2023-01-30T20:17:41.000000Z"}, {"uuid": "f4f96c20-1747-4eeb-bcf1-62f9976e2dba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2356", "type": "seen", "source": "https://t.me/cibsecurity/63024", "content": "\u203c CVE-2023-2356 \u203c\n\nRelative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-28T07:26:59.000000Z"}, {"uuid": "a0eb812e-93f4-43c8-b8ec-80c7392ebe3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23568", "type": "seen", "source": "https://t.me/cibsecurity/67194", "content": "\u203c CVE-2023-23568 \u203c\n\nImproper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T07:26:32.000000Z"}, {"uuid": "23eac9e7-d264-4ecc-b8d4-36853d95e8cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23565", "type": "seen", "source": "https://t.me/cibsecurity/68983", "content": "\u203c CVE-2023-23565 \u203c\n\nAn issue was discovered in Geomatika IsiGeo Web 6.0. 
It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-22T22:22:04.000000Z"}, {"uuid": "18f8f13b-f3c5-4068-8bd1-69451141ff62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23566", "type": "seen", "source": "https://t.me/cibsecurity/56468", "content": "\u203c CVE-2023-23566 \u203c\n\nA 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-13T07:30:54.000000Z"}, {"uuid": "abd683d1-4c9e-4be8-8f4e-44b4c1db0324", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23560", "type": "seen", "source": "https://t.me/cibsecurity/56873", "content": "\u203c CVE-2023-23560 \u203c\n\nIn certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-24T00:25:12.000000Z"}, {"uuid": "888ebb27-e1b3-40d0-bdf2-90bd90935639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23560", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/13544", "content": "Critical vulnerability threatens Lexmark printers\n\n
More than 120 Lexmark printer models are affected by the critical issue CVE-2023-23560, which scored 9 out of 10 on the CVSS vulnerability rating scale. The bug allows remote execution of arbitrary code, and a PoC exploit for it has already been published.\n\nhttps://xakep.ru/2023/01/30/lexmark-rce/", "creation_timestamp": "2023-01-30T16:44:35.000000Z"}]}