CVE-2023-37569 HIGH

CVE-2023-37569: OS Command Injection Vulnerability in Emagic Data Center Management Suite

Vendor Esds

Product Emagic Data Center Management Suite

Weakness CWE-78

Published August 8, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

Key dates

02Disclosure timeline

August 8, 2023 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-37569 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2023-37569: OS Command Injection Vulnerability in Emagic Data Center Management Suite

01Description

02Disclosure timeline

03References

04Related CVE