CVE-2023-33965 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-33965

CVE-2023-33965

June 01, 2023

Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.

Related Resources (4)

https://github.com/txthinking/brook/security/advisories/GHSA-vfrj-fv6p-3cpf

https://github.com/txthinking/brook

https://github.com/txthinking/brook/commit/314d7070c37babf6c38a0fe1eada872bb74bf03e

https://nvd.nist.gov/vuln/detail/CVE-2023-33965

Do you need more information?

CVSS v4

Base Score:

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

HIGH

CVSS v3

Base Score:

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

EPSS

Base Score:

6.33

Products

Solutions

Resources

Company

Compare

Developer Tools